VulnWatch VulnWatch
← Back to dashboard
Medium osv ยท GHSA-qpgc-w4mg-6v92

MLflow's excessive directory permissions allow local privilege escalation

Published Nov 25, 2024 CVSS 4.0
Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the spark_udf() MLflow API is called.
Auth Bypass

Affected AI Products

mlflow
View original source