
mlflow/2.17.0 package update

Open · octo-sts[bot] opened this issue 1 year ago · 1 comment

octo-sts[bot] · Oct 14 '24 14:10

malcontent detected files with a risk score equal to or higher than 'CRITICAL':

/tmp/malcontent813768714/packages/x86_64/mlflow-bitnami-2.17.0-r0.apk/usr/share/mlflow/lib/python3.12/site-packages/mlflow/pypi_package_index.json [🚨 CRITICAL]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| HIGH | admin/pip_install | Installs software using pip from python | pipinstall","pynvi; pipinstall","screenly-ose; pipinstall-whp; pipinstallable-script; pipinstallable-testscript; pipinstaller |
| HIGH | combo/backdoor/net_shell | sniffs network traffic, executes shell | exec; libpcap; shell; system |
| HIGH | combo/exploit/overflow/shellcode | Buffer overflow exploit | address; offset; padding; shellcode |
| HIGH | combo/stealer/usbmon_webproxy_zipper | usbmon webproxy zipper | usbmon; webproxy; zip |
| HIGH | combo/wiper/crypto | May encrypt, wipe files, and kill processes | encrypt; hostname; kill; processes; uname; wipe |
| CRITICAL | crypto/mining/competitive | crypto miner virus killer | miner; p2p; protector; rootkit; spreader; updater |
| HIGH | crypto/mining/cryptonight | References CryptoNight, a proof-of-work algorithm | cryptonight |
| HIGH | crypto/mining/generic | danger crypto miner | hashvault; xmrig |
| CRITICAL | crypto/mining/multiple | References multiple types of mining pools | ethermine; ezil; flypool; whales |
| HIGH | crypto/mining/nicehash_pool | References Nicehash and mining pools | nicehash; pool |
| HIGH | crypto/mining/xmrig | References XMRig, a high-performance cryptocurrency miner | xmrig |
| HIGH | device/hardware/enumeration | linux dmidecode hardware profiler high | dmidecode","fnord-eas; dmidecode","logdissect","odoo13-addon-seq |
| CRITICAL | evasion/rootkit | appears to be a Linux rootkit | miner; rootkit; sshd; systemctl |
| HIGH | net/geoip | public service for IP geolocation | freegeoip |
| HIGH | net/public_ip | public service to discover external IP address | wtfismyip |
| HIGH | privesc/rootshell | references a root shell | rootshell |
| HIGH | ref/program/metasploit | metasploit | metasploit |
| HIGH | ref/words/backdoor | References a 'backdoor' | backdoor-io; invisible-backdoor-detector; lib-backdoor; the-backdoor-factory |
| HIGH | ref/words/ddos | References an IP flooder | stresser |
| HIGH | ref/words/exploit | References an exploit | sploit |
| HIGH | ref/words/implant | References an Implant | implant |
| HIGH | ref/words/trojan | References a Trojan | trojan |
| HIGH | secrets/sshd/memory/map | May access the memory map for sshd | passwd; password; ptrace; sshd; tracer |
| HIGH | shell/reverse | references a reverse shell | reverseshell; revshell; webshell |
| HIGH | ui/screen/capture | macos screencapture caller | screencapture |

octo-sts[bot] · Oct 14 '24 15:10

The malcontent finding is from several partial string matches from a ~565,000-line JSON file with known PyPI package names generated via this script: https://github.com/mlflow/mlflow/blob/master/dev/update_pypi_package_index.py

egibs · Oct 15 '24 22:10

Thanks @egibs - is this investigation still pending or are we clear to proceed?

mamccorm · Oct 16 '24 10:10