https://phucrio.me/tags/mlflow/Recent content in Mlflow on Rio BlogHugo -- 0.150.0enSun, 31 May 2026 17:38:09 -0400https://phucrio.me/posts/htb-smarthire-write-up/Sat, 30 May 2026 14:00:00 +0700https://phucrio.me/posts/htb-smarthire-write-up/<h2 id="summary">Summary</h2> <p>SmartHire is a medium-difficulty Linux machine from HackTheBox. It hosts an AI hiring platform built with Flask on nginx, using <strong>MLflow</strong> for model management. Initial access is gained via <strong>CVE-2024-37054</strong>, a pickle deserialization vulnerability in MLflow that allows remote code execution by overwriting a model artifact with a malicious payload. Privilege escalation exploits a writable plugin directory combined with a sudo rule — a crafted <code>.pth</code> file executed by <code>site.addsitedir()</code> runs as root.</p>