Skip to content

Non-member user is capable of creating Model experiment and updating existing run's status in other user's public project

Please read the process on how to fix security issues before starting to work on the issue. Vulnerabilities must be fixed in a security mirror.

HackerOne report #2083440 by ricardobrito on 2023-07-25, assigned to @cmaxim:

Report | How To Reproduce

Report

Hi team!

Summary

Gitlab 16.2 recently introduced the ability to Track your machine learning model experiments. This feature contains some API calls that allows Machine Learning engineers to use Gitlab to track the parameters, results, etc of their Machine Learning experiments. However, I found that the API does not verify whether the user is a member of the project in which he creates/lists machine learning experiments.

Pre-requisites

This feature seems to be behind a feature flag, which can be enabled using:

Feature.enable(:ml_experiment_tracking)

in the console.

Steps to reproduce

  1. As the admin, create a public project and keep track of the project ID
  2. Next, as a non-member of the project created in step 1, say with User A account, create an API token
  3. Next, make the POST following request, and make sure to set the :id variable to the id of step 1:

https://YOUR-GITLAB-INSTANCE/v4/projects/:id/ml/mlflow/api/2.0/mlflow/experiments/create
payload:

{"name":"experiment by user A"}
  1. Now as the admin go to https://YOUR-GITLAB-INSTANCE/root/:project-path/-/ml/experiments
    You will see the experiment created by user A, even though he is not a member of the project.

Technical details

I am not 100% sure of the reason why this happens but it seems that this section of code located in the file lib/api/ml/mlflow/entrypoint.rb (lines 13-21), only check if the user has a token with the proper access scopes (not whether the user is a member of the project):

        helpers ::API::Ml::Mlflow::ApiHelpers

        allow_access_with_scope :api  
        allow_access_with_scope :read_api, if: ->(request) { request.get? || request.head? }

        feature_category :mlops

        content_type :json, 'application/json'  
        default_format :json

Impact

A non-member of a project is capable of creating and reading Machine Learning experiments records inside the project.

How To Reproduce

Please add reproducibility information to this section: