Amazon SageMaker Python SDK Insecure TLS Configuration Vulnerability

Vulnerability

A vulnerability exists in Amazon SageMaker Python SDK versions prior to 3.1.1 and 2.256.0: TLS certificate verification is disabled for HTTPS connections made by the service when a Triton Python model is imported. As a result, connections to servers presenting invalid or self-signed certificates are accepted. The behavior was introduced to bypass SSL errors during model downloads from public sources, such as TorchVision, and it affects all HTTPS connections when the Triton Python model is used.

Impact

Exploitation of this vulnerability allows for the acceptance of invalid and self-signed TLS certificates, potentially leading to man-in-the-middle attacks or the interception of sensitive data.

Remediation

Users are advised to upgrade to Amazon SageMaker Python SDK versions 3.1.1 or 2.256.0. For those using self-signed certificates for internal model downloads, add the private Certificate Authority (CA) certificate to the container image instead of relying on the SDK's previous insecure configuration.
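
The check and the private-CA remediation described above, sketched in Python as an added example that is not code from the SDK or from this advisory. It assumes the process-wide disablement happens through the standard library's `ssl._create_default_https_context` hook (the page does not state the mechanism); all function names and `_constructed_insecure_import` are hypothetical.

```python
import ssl


def default_https_verifies() -> bool:
    """True if the process-wide default HTTPS context (used by http.client
    and urllib) still validates the certificate chain and the hostname."""
    ctx = ssl._create_default_https_context()
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


def import_side_effect_disables_tls(import_fn) -> bool:
    """Run import_fn (for example lambda: importlib.import_module(name)) and
    report whether it switched the process default from verifying to not
    verifying. The original hook is restored before returning."""
    original = ssl._create_default_https_context
    before = default_https_verifies()
    try:
        import_fn()
        after = default_https_verifies()
    finally:
        ssl._create_default_https_context = original
    return before and not after


def _constructed_insecure_import() -> None:
    # Constructed stand-in for a module whose import disables verification
    # for the whole process (assumed mechanism, not the SDK's actual code).
    ssl._create_default_https_context = ssl._create_unverified_context


def private_ca_context(ca_bundle_path=None) -> ssl.SSLContext:
    """Verifying context that additionally trusts a private CA bundle (PEM),
    e.g. one copied into the container image. Verification stays enabled."""
    ctx = ssl.create_default_context()
    if ca_bundle_path:
        ctx.load_verify_locations(cafile=ca_bundle_path)
    return ctx


if __name__ == "__main__":
    print("default verifies:", default_https_verifies())
    print("constructed import disables TLS checks:",
          import_side_effect_disables_tls(_constructed_insecure_import))
    print("restored after audit:", default_https_verifies())
```

The hook inspected here governs `http.client` and `urllib`; clients that build their own TLS settings need their own CA configuration.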

Added: Feb 2, 2026, 11:38 PM
Updated: Feb 2, 2026, 11:38 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.8
remediation: 0.0
relevance: 2.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.