Invia #855675: Weights & Biases wandb 0.25.2.dev1 at commit 28cc0bf5a9b529b72e5e501d0a48c6c42220ae0a; earlier versions may be affected if they use the same MD5-based CWE-328 Use of Weak Hashinformazioni

TitoloWeights & Biases wandb 0.25.2.dev1 at commit 28cc0bf5a9b529b72e5e501d0a48c6c42220ae0a; earlier versions may be affected if they use the same MD5-based CWE-328 Use of Weak Hash
DescrizioneA vulnerability was found in Weights & Biases wandb 0.25.2.dev1 and classified as a supply-chain artifact integrity weakness. Affected is the artifact download and verification logic in the Python SDK. The SDK stores and verifies artifact file identity using MD5 digests encoded as base64. During artifact download, an existing destination file can be accepted when its cached checksum equals the manifest entry digest. If no cached checksum is available, the SDK computes md5_file_b64(dest_path) and accepts the file when it equals self.digest. The affected code path is ArtifactManifestEntry.download() in wandb/sdk/artifacts/artifact_manifest_entry.py. The digest is produced by md5_file_b64() in wandb/sdk/lib/hashutil.py. Artifact.add_file() stores md5_file_b64(local_path) as the artifact entry digest, and ArtifactManifestV1.digest() calculates the manifest digest from path:entry.digest pairs. The artifact object cache is also keyed by the MD5 digest. An attacker who can influence an artifact, poison the artifact cache, substitute a downloaded object, or pre-place a file in the artifact download destination can use two different same-size files with the same MD5 digest. The malicious file is then accepted as matching the benign artifact entry because the SDK treats MD5 equality as sufficient evidence of file integrity. Authentication required: yes, in the common project-collaborator or artifact-publisher scenario. User interaction required: yes, unless the victim's CI, training, evaluation, or deployment pipeline automatically downloads and consumes the artifact. Technical Details - Affected file/function: wandb/sdk/artifacts/artifact_manifest_entry.py / ArtifactManifestEntry.download() - Vulnerable parameter: ArtifactManifestEntry.digest - Attack vector: Network or local cache/download directory influence - Privileges required: Low in a shared project or artifact publishing context; None if the victim voluntarily consumes a public attacker-controlled artifact - Trigger condition: A victim downloads or verifies an artifact whose expected content and substituted content share the same MD5 digest, or uses a poisoned artifact cache/download destination containing a colliding file Impact - Confidentiality: Low. The vulnerability does not directly read secrets, but malicious artifacts may lead to credential or data theft when consumed by downstream workflows. - Integrity: High. Artifact contents, training data, model files, checkpoints, configs, or evaluation inputs can be substituted while passing SDK integrity checks. - Availability: Low. Malicious artifact content can break training/evaluation/deployment workflows. CVSS v3.1 Score: 5.9 (Medium) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L Timeline - Discovered: 2026-06-11 - Vendor notified: [unknown] - Patch released: [unknown] - Public disclosure: [unknown] Countermeasure Replace MD5-based artifact file identity with a collision-resistant digest such as SHA-256. Avoid accepting cached or destination files solely because an MD5 digest matches. Provide a compatibility migration path for existing artifacts, for example by storing and verifying a stronger digest alongside legacy MD5 metadata.
Fonte⚠️ https://github.com/wandb/wandb/issues/12030
Utente
 Dem0000000 (UID 98743)
Sottomissione11/06/2026 05:07 (1 mese fa)
Moderazione13/07/2026 17:38 (1 month later)
StatoAccettato
Voce VulDB378114 [wandb 0.25.2.dev1 Artifact Integrity Validation hashutil.py ArtifactManifestEntry.download cifratura debole]
Punti20

Do you need the next level of professionalism?

Upgrade your account now!