First published: Thu Nov 16 2023
An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter.
Credit: security@huntr.dev
Affected Software | Affected Version | How to fix |
---|---|---|
Vertaai Modeldb | | |
The vulnerability ID for the ModelDB Local File Include vulnerability is CVE-2023-6023.
The ModelDB Local File Include vulnerability allows an attacker to read any file on the filesystem of the server hosting ModelDB through a Local File Inclusion (LFI) in the artifact_path URL parameter.
The affected software for the ModelDB Local File Include vulnerability is Vertaai Modeldb.
The severity rating of the ModelDB Local File Include vulnerability is high with a CVSS score of 8.6.
The ModelDB Local File Include vulnerability can be exploited by manipulating the artifact_path URL parameter to access and read arbitrary files on the server's filesystem.
More information about the ModelDB Local File Include vulnerability and possible mitigation strategies is available at the following URL: [CVE-2023-6023](https://huntr.com/bounties/644ab868-db6d-4685-ab35-1a897632d2ca)
The Common Weakness Enumerations (CWEs) associated with the ModelDB Local File Include vulnerability are CWE-29 (Path Traversal) and CWE-22 (Improper Limitation of a Pathname to a Restricted Directory).
To fix the ModelDB Local File Include vulnerability, it is recommended to apply the latest security patches or updates provided by Vertaai for ModelDB.
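The containment check that this weakness class (CWE-22) calls for on a parameter such as artifact_path, as an added Python example; it is not ModelDB's code or the vendor's patch. The function `resolve_artifact`, the artifact root directory and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


class ArtifactPathError(ValueError):
    """The requested path is not a regular file under the artifact root."""


def resolve_artifact(root: Path, artifact_path: str) -> Path:
    """Map an untrusted artifact_path value to a file under root, or raise."""
    if "\x00" in artifact_path:
        raise ArtifactPathError("NUL byte in path")
    root_real = root.resolve(strict=True)
    # An absolute value makes the join discard root, and "../" segments or
    # symlinks can climb out of it, so canonicalise first and compare after.
    candidate = (root_real / artifact_path).resolve()
    try:
        candidate.relative_to(root_real)
    except ValueError:
        raise ArtifactPathError(f"outside root: {artifact_path!r}") from None
    if not candidate.is_file():
        raise ArtifactPathError(f"no such artifact: {artifact_path!r}")
    return candidate


def demo() -> dict:
    """Run constructed inputs through the check; returns {case: file or None}."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "artifacts"  # hypothetical artifact store root
        root.mkdir()
        (root / "model.pkl").write_bytes(b"constructed sample artifact")
        outside = Path(tmp) / "outside.txt"  # stands in for a non-artifact file
        outside.write_text("constructed file outside the root")
        os.symlink(outside, root / "link")  # symlink inside root pointing out
        cases = {
            "plain": "model.pkl",
            "normalised": "sub/../model.pkl",
            "dotdot": "../outside.txt",
            "absolute": str(outside),
            "symlink": "link",
        }
        for name, value in cases.items():
            try:
                results[name] = resolve_artifact(root, value).name
            except ArtifactPathError:
                results[name] = None
    return results
```

The check compares canonical paths rather than searching the input for `..`, which is why the harmless `sub/../model.pkl` is accepted while the absolute path and the outward-pointing symlink are rejected.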