What is the vulnerability ID for the ModelDB Local File Include vulnerability?

The vulnerability ID for the ModelDB Local File Include vulnerability is CVE-2023-6023.

What is the description of the ModelDB Local File Include vulnerability?

The ModelDB Local File Include vulnerability allows an attacker to read any file on the filesystem of the server hosting ModelDB through a Local File Inclusion (LFI) in the artifact_path URL parameter.

What is the affected software for the ModelDB Local File Include vulnerability?

The affected software for the ModelDB Local File Include vulnerability is Vertaai Modeldb.

What is the severity rating of the ModelDB Local File Include vulnerability?

The severity rating of the ModelDB Local File Include vulnerability is high with a CVSS score of 8.6.

How can the ModelDB Local File Include vulnerability be exploited?

The ModelDB Local File Include vulnerability can be exploited by manipulating the artifact_path URL parameter to access and read arbitrary files on the server's filesystem.

Is there any reference for the ModelDB Local File Include vulnerability?

Yes, you can find more information about the ModelDB Local File Include vulnerability and possible mitigation strategies at the following URL: [CVE-2023-6023](https://huntr.com/bounties/644ab868-db6d-4685-ab35-1a897632d2ca)

What are the Common Weakness Enumerations (CWEs) associated with the ModelDB Local File Include vulnerability?

The Common Weakness Enumerations (CWEs) associated with the ModelDB Local File Include vulnerability are CWE-29 (Path Traversal) and CWE-22 (Improper Limitation of a Pathname to a Restricted Directory)

How can I fix the ModelDB Local File Include vulnerability?

To fix the ModelDB Local File Include vulnerability, it is recommended to apply the latest security patches or updates provided by Vertaai for ModelDB.

Vulnerability/
CVE-2023-6023

high

8.6

CWE

29 22

EPSS

0.087%

16/11/2023

28/11/2023

CVE-2023-6023: ModelDB Local File Include

First published: Thu Nov 16 2023(Updated: )

An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter.

Credit: security@huntr.dev

Affected Software	Affected Version	How to fix
Vertaai Modeldb

Never miss a vulnerability like this again

Reference Links

https://huntr.com/bounties/644ab868-db6d-4685-ab35-1a897632d2ca

Frequently Asked Questions

What is the vulnerability ID for the ModelDB Local File Include vulnerability?
The vulnerability ID for the ModelDB Local File Include vulnerability is CVE-2023-6023.
What is the description of the ModelDB Local File Include vulnerability?
The ModelDB Local File Include vulnerability allows an attacker to read any file on the filesystem of the server hosting ModelDB through a Local File Inclusion (LFI) in the artifact_path URL parameter.
What is the affected software for the ModelDB Local File Include vulnerability?
The affected software for the ModelDB Local File Include vulnerability is Vertaai Modeldb.
What is the severity rating of the ModelDB Local File Include vulnerability?
The severity rating of the ModelDB Local File Include vulnerability is high with a CVSS score of 8.6.
How can the ModelDB Local File Include vulnerability be exploited?
The ModelDB Local File Include vulnerability can be exploited by manipulating the artifact_path URL parameter to access and read arbitrary files on the server's filesystem.
Is there any reference for the ModelDB Local File Include vulnerability?
Yes, you can find more information about the ModelDB Local File Include vulnerability and possible mitigation strategies at the following URL: [CVE-2023-6023](https://huntr.com/bounties/644ab868-db6d-4685-ab35-1a897632d2ca)
What are the Common Weakness Enumerations (CWEs) associated with the ModelDB Local File Include vulnerability?
The Common Weakness Enumerations (CWEs) associated with the ModelDB Local File Include vulnerability are CWE-29 (Path Traversal) and CWE-22 (Improper Limitation of a Pathname to a Restricted Directory)
How can I fix the ModelDB Local File Include vulnerability?
To fix the ModelDB Local File Include vulnerability, it is recommended to apply the latest security patches or updates provided by Vertaai for ModelDB.

collector/mitre-cve
collector/nvd-api
agent/author
agent/description
agent/epss
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
agent/weakness
collector/epss-latest
source/FIRST
vendor/vertaai
canonical/vertaai modeldb

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.