Update CVE-2023-6018.yaml

2023-12-05 21:47:04 +05:30 · 2023-12-05 21:47:04 +05:30 · 4551ee9db5
parent 46829038cf
commit 4551ee9db5
1 changed files with 8 additions and 8 deletions
--- a/http/cves/2023/CVE-2023-6018.yaml
+++ b/http/cves/2023/CVE-2023-6018.yaml
@ -1,7 +1,7 @@
 id: CVE-2023-6018

 info:
-  name: Mlflow Arbitrary File Write via model-versions API
+  name: Mlflow - Arbitrary File Write
  author: byt3bl33d3r
  severity: critical
  description: |
@ -18,10 +18,10 @@ info:
    epss-percentile: 0.41283
    cpe: cpe:2.3:a:lfprojects:mlflow:-:*:*:*:*:*:*:*
  metadata:
-    verified: true
    max-request: 1
+    verified: true
    shodan-query: http.title:"mlflow"
-  tags: cve,cve2023,mlflow,huntr,oss,rce
+  tags: cve,cve2023,mlflow,oss,rce

 variables:
  model_name: "{{rand_text_alpha(6)}}"
@ -55,14 +55,14 @@ http:

    matchers-condition: and
    matchers:
+      - type: word
+        part: interactsh_protocol
+        words:
+          - "http"
+
      - type: word
        part: body_1
        words:
          - '"registered_model":'
          - '"name":'
        condition: and
-
-      - type: word
-        part: interactsh_protocol
-        words:
-          - "http"