CVE-2023-6974

A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/mlflow/mlflow/commit/8174250f83352a04c2d42079f414759060458555	Patch
https://huntr.com/bounties/438b0524-da0e-4d08-976a-6f270c688393	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*

History

29 Dec 2023, 14:13

Type	Values Removed	Values Added
References	~~() https://github.com/mlflow/mlflow/commit/8174250f83352a04c2d42079f414759060458555 -~~	() https://github.com/mlflow/mlflow/commit/8174250f83352a04c2d42079f414759060458555 - Patch
References	~~() https://huntr.com/bounties/438b0524-da0e-4d08-976a-6f270c688393 -~~	() https://huntr.com/bounties/438b0524-da0e-4d08-976a-6f270c688393 - Exploit, Third Party Advisory
Summary		(es) Un usuario malintencionado podría utilizar este problema para acceder a servidores HTTP internos y, en el peor de los casos (es decir, instancia de AWS), podría ser un abuso obtener una ejecución remota de código en la máquina víctima.
CPE		cpe:2.3:a:lfprojects:mlflow::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~8.6~~	v2 : unknown v3 : 9.8
First Time		Lfprojects Lfprojects mlflow

20 Dec 2023, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-20 06:15

Updated : 2023-12-29 14:13

NVD link : CVE-2023-6974

Mitre link : CVE-2023-6974

CVE.ORG link : CVE-2023-6974

JSON object : View

Products Affected

lfprojects

mlflow

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2023-6974", "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-12-20T06:15:45.160", "references": [{"url": "https://github.com/mlflow/mlflow/commit/8174250f83352a04c2d42079f414759060458555", "tags": ["Patch"], "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/438b0524-da0e-4d08-976a-6f270c688393", "tags": ["Exploit", "Third Party Advisory"], "source": "security@huntr.dev"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine."}, {"lang": "es", "value": "Un usuario malintencionado podr\u00eda utilizar este problema para acceder a servidores HTTP internos y, en el peor de los casos (es decir, instancia de AWS), podr\u00eda ser un abuso obtener una ejecuci\u00f3n remota de c\u00f3digo en la m\u00e1quina v\u00edctima."}], "lastModified": "2023-12-29T14:13:47.377", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B5585E2-CC70-4BED-AA89-B791F081ACFC", "versionEndExcluding": "2.9.2"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}