CVE-2024-4263
Published 2024-05-16
CVE-2024-4263: A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can…
Priority: P4 · 31
Severity: medium · 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
EPSS: 0.33% (24.7th percentile)
A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing them to perform unauthorized deletions of artifacts. The vulnerability specifically affects the handling of artifact deletions within the application, as demonstrated by the ability of a low privilege user to delete a directory inside an artifact using a DELETE request, despite the official documentation stating that users with EDIT permission can only read and update artifacts, not delete them.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lfprojects | mlflow | < 2.12.1 | 2.12.1 |
| lfprojects | mlflow | >= 0 < 2.10.1 | 2.10.1 |
| lfprojects | mlflow | >= 0 < b43e0e3de5b500554e13dc032ba2083b2d6c94b8 | b43e0e3de5b500554e13dc032ba2083b2d6c94b8 |
| mlflow | mlflow_mlflow | >= unspecified < 2.10.1 | 2.10.1 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L |
| NVD | 3.0 | 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L |
GHSA
MLflow allows low privilege users to delete any artifact
ghsa · 2024-05-16 · CVE-2024-4263 · MEDIUM · CWE-284
OSV
CVE-2024-4263: A broken access control vulnerability exists in mlflow/mlflow versions before 2
osv · 2024-05-16 · CVE-2024-4263
OSV
MLflow allows low privilege users to delete any artifact
osv · 2024-05-16 · CVE-2024-4263 · MEDIUM
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2024-11233 php: Single byte overread with convert.quoted-printable-decode filter
bugzilla · 2024-11-24 · CVSS 8.2 · HIGH
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14, due to an error in the convert.quoted-printable-decode filter, certain data can lead to a buffer overread of one byte, which can in certain circumstances lead to crashes or disclose the content of other memory areas.
Discussion:
Is there a status update as to when this will be patched for, or PHP moved to 8.1.31, please?
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2025:4263 https://access.redhat.com/errata/RHSA-2025:4263
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2025:7315 https://access.redhat.com/errata/RHSA-2025:7315
---
Bugzilla
CVE-2024-11234 php: Configuring a proxy in a stream context might allow for CRLF injection in URIs
bugzilla · 2024-11-24 · CVSS 7.2 · HIGH
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14, when using streams with a configured proxy and the "request_fulluri" option, the URI is not properly sanitized, which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2025:4263 https://access.redhat.com/errata/RHSA-2025:4263
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2025:7315 htt