We use cookies to improve your experience on our site.
AVID-2026-R1443
Description
Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf (CVE-2024-27134)
Details
Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the spark_udf() MLflow API is called.
Reason for inclusion in AVID: The CVE describes a software vulnerability in MLflow (a tool commonly used in ML pipelines) that enables local privilege escalation via spark_udf due to excessive directory permissions. This is a vulnerability affecting software components used to build/deploy/run AI systems, i.e., a general-purpose AI software supply chain issue. Evidence includes the CVE description and referenced PR, indicating a TOCTOU/permission-related exploit. The issue is not hardware-only and has clear security impacts (privilege escalation).
References
Affected or Relevant Artifacts
- Developer: Unknown
- Deployer: Unknown
- Artifact Details:
| Type | Name |
|---|---|
| System | Unknown System |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| Base Score | 7.0 |
| Base Severity | 🔴 High |
| Attack Vector | LOCAL |
| Attack Complexity | 🔴 High |
| Privileges Required | NONE |
| User Interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality Impact | 🔴 High |
| Integrity Impact | 🔴 High |
| Availability Impact | 🔴 High |
CWE
| ID | Description |
|---|---|
| CWE-367 | CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition |
| CWE-276 | CWE-276 Incorrect Default Permissions |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2024-11-25
- Version: 0.3.3
- AVID Entry