CVE-2024-6838

In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of service. Additionally, there is no character limit in the `artifact_location` parameter while creating the experiment.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://huntr.com/bounties/8ad52cb2-2cda-4eb0-aec9-586060ee43e0	Exploit
https://huntr.com/bounties/8ad52cb2-2cda-4eb0-aec9-586060ee43e0	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:lfprojects:mlflow:2.13.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-03-20 10:15

Updated : 2025-04-01 20:33

NVD link : CVE-2024-6838

Mitre link : CVE-2024-6838

CVE.ORG link : CVE-2024-6838

JSON object : View

Products Affected

lfprojects

mlflow

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2024-6838", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-03-20T10:15:33.620", "references": [{"url": "https://huntr.com/bounties/8ad52cb2-2cda-4eb0-aec9-586060ee43e0", "tags": ["Exploit"], "source": "[email protected]"}, {"url": "https://huntr.com/bounties/8ad52cb2-2cda-4eb0-aec9-586060ee43e0", "tags": ["Exploit"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of service. Additionally, there is no character limit in the `artifact_location` parameter while creating the experiment."}, {"lang": "es", "value": "En mlflow/mlflow versi\u00f3n v2.13.2, existe una vulnerabilidad que permite crear o renombrar un experimento con una gran cantidad de enteros debido a la falta de un l\u00edmite en el nombre del experimento. Esto puede provocar que el panel de interfaz de usuario de MLflow deje de responder, lo que puede provocar una denegaci\u00f3n de servicio. Adem\u00e1s, no hay l\u00edmite de caracteres en el par\u00e1metro `artifact_location` al crear el experimento."}], "lastModified": "2025-04-01T20:33:56.510", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lfprojects:mlflow:2.13.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AC00A6B-F1BE-4DA6-892D-C24FEE5FA97D"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}