Lucene search
@huntr_aiCVE-2023-6974HistoryDec 20, 2023 - 6:15 a.m.
CVE-2023-6974
2023-12-2006:15:45
CWE-918
@huntr_ai
web.nvd.nist.gov
31
cve-2023-6974
security vulnerability
remote code execution
http
https
nvd
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.4
Confidence
High
EPSS
0.003
Percentile
66.3%
A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine.
Affected configurations
Node
lfprojectsmlflowRange<2.9.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| lfprojects | mlflow | * | cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "mlflow",
"product": "mlflow/mlflow",
"versions": [
{
"version": "unspecified",
"lessThan": "2.9.2",
"status": "affected",
"versionType": "custom"
}
]
}
]Related
veracode
veracode
Server Side Request Forgery (SSRF)
2023-12-21 06:44:14
prion
prion
Remote code execution
2023-12-20 06:15:00
nvd
nvd
CVE-2023-6974
2023-12-20 06:15:45
osv
osv
MLflow Server-Side Request Forgery (SSRF)
2023-12-20 06:30:25
CVE-2023-6974
2023-12-20 06:15:45
BIT-mlflow-2023-6974
2024-03-06 10:56:37
cvelist
cvelist
CVE-2023-6974 Server-Side Request Forgery (SSRF)
2023-12-20 05:25:42
github
github
MLflow Server-Side Request Forgery (SSRF)
2023-12-20 06:30:25
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.4
Confidence
High
EPSS
0.003
Percentile
66.3%
Related for CVE-2023-6974