AI/ML, Vulnerability Management

Machine learning platform vulnerabilities detailed

Share
Vulnerability management

Significant security vulnerabilities have been discovered across various machine learning platforms, according to SiliconAngle.

Weights and Biases' open-source Weave toolkit for generative artificial intelligence development has been impacted with a directory traversal flaw, tracked as CVE-2024-7340, which could be leveraged to facilitate unauthorized file access and privilege escalation, while ML pipeline management platform ZenML Cloud was affected by an improper access control bug enabling admin privileges, an analysis from JFrog revealed. On the other hand, both the Deep Lake database, Vanna AI, and the Mage AI server are impacted by vulnerabilities that could be exploited to achieve remote code execution. "These vulnerabilities allow attackers to hijack important servers in the organization such as ML model registries, ML databases and ML pipeline. Exploitation of some of these vulnerabilities can have a big impact on the organization — especially given the inherent post-exploitation vectors present in ML such as backdooring models to be consumed by multiple clients," said researchers.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.