Update CVE-2023-6018.yaml

patch-1
Ritik Chaddha 2023-12-05 21:47:04 +05:30 committed by GitHub
parent 46829038cf
commit 4551ee9db5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 8 deletions


@ -1,7 +1,7 @@
id: CVE-2023-6018 id: CVE-2023-6018
info: info:
name: Mlflow Arbitrary File Write via model-versions API name: Mlflow - Arbitrary File Write
author: byt3bl33d3r author: byt3bl33d3r
severity: critical severity: critical
description: | description: |
@ -18,10 +18,10 @@ info:
epss-percentile: 0.41283 epss-percentile: 0.41283
cpe: cpe:2.3:a:lfprojects:mlflow:-:*:*:*:*:*:*:* cpe: cpe:2.3:a:lfprojects:mlflow:-:*:*:*:*:*:*:*
metadata: metadata:
verified: true
max-request: 1 max-request: 1
verified: true
shodan-query: http.title:"mlflow" shodan-query: http.title:"mlflow"
tags: cve,cve2023,mlflow,huntr,oss,rce tags: cve,cve2023,mlflow,oss,rce
variables: variables:
model_name: "{{rand_text_alpha(6)}}" model_name: "{{rand_text_alpha(6)}}"
@ -55,14 +55,14 @@ http:
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word
part: interactsh_protocol
words:
- "http"
- type: word - type: word
part: body_1 part: body_1
words: words:
- '"registered_model":' - '"registered_model":'
- '"name":' - '"name":'
condition: and condition: and
- type: word
part: interactsh_protocol
words:
- "http"
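Review bot: The tags line edited in the second hunk still lacks `intrusive`, although the template appears to change state on the target: it generates a random `model_name` and matches on a `"registered_model":` response, so a scan presumably leaves a registered model (and, going by the title, a written file) behind. Consider `tags: cve,cve2023,mlflow,oss,rce,intrusive` so operators can exclude it from production scans with tag filters. Separately, the `body_1` matcher in the last hunk only looks for the generic keys `"registered_model":` and `"name":`; adding `{{model_name}}` to its words would tie the response to this run's own request. The request section lies outside the shown hunks, so both points should be checked against it.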