Amazon SageMaker Python SDK HMAC Exposure Vulnerability in DescribeTrainingJob API
Vulnerability
A vulnerability exists in the Amazon SageMaker Python SDK versions prior to 3.2.0 and 2.256.0, where the ModelBuilder HMAC signing key is included in cleartext within the response elements of the DescribeTrainingJob function. This exposure allows third parties with the appropriate permissions to call this API and modify objects in the Training Jobs S3 output location, potentially leading to the upload and execution of arbitrary artifacts in subsequent Training Job runs.
Impact
The exposed HMAC key can be extracted and used to forge cloud-pickled payloads with valid HMACs, allowing for the overwriting of S3 objects.
Remediation
Users are advised to upgrade to the latest version of the Amazon SageMaker Python SDK. The HMAC exposure issue has been fixed in versions 3.2.0 and 2.256.0. For those using self-signed certificates for internal model downloads, add the private Certificate Authority certificate to the container image instead of relying on the SDK's previous insecure configuration.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.