Lucene search
GoogleOSV:GHSA-59V3-898R-QWHJHistoryDec 20, 2023 - 6:30 a.m.
MLflow Server-Side Request Forgery (SSRF)
2023-12-2006:30:25
Google
osv.dev
3
mlflow
ssrf
vulnerability
remote code execution
http
server
aws
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.9
Confidence
High
EPSS
0.003
Percentile
66.3%
A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abused to get a remote code execution on the victim machine.
Related
veracode
veracode
Server Side Request Forgery (SSRF)
2023-12-21 06:44:14
prion
prion
Remote code execution
2023-12-20 06:15:00
nvd
nvd
CVE-2023-6974
2023-12-20 06:15:45
cvelist
cvelist
CVE-2023-6974 Server-Side Request Forgery (SSRF)
2023-12-20 05:25:42
osv
osv
CVE-2023-6974
2023-12-20 06:15:45
BIT-mlflow-2023-6974
2024-03-06 10:56:37
cve
cve
CVE-2023-6974
2023-12-20 06:15:45
github
github
MLflow Server-Side Request Forgery (SSRF)
2023-12-20 06:30:25
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
8.9
Confidence
High
EPSS
0.003
Percentile
66.3%
Related for OSV:GHSA-59V3-898R-QWHJ