From c6a25069039ad93438698e3399e191945b5cd040 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Fri, 20 Sep 2024 19:06:18 +0400
Subject: [PATCH] Create CVE-2023-6568.yaml
---
http/cves/2023/CVE-2023-6568.yaml | 57 +++++++++++++++++++++++++++++++
1 file changed, 57 insertions(+)
create mode 100644 http/cves/2023/CVE-2023-6568.yaml
diff --git a/http/cves/2023/CVE-2023-6568.yaml b/http/cves/2023/CVE-2023-6568.yaml
new file mode 100644
index 0000000000..405bbff5f5
--- /dev/null
+++ b/http/cves/2023/CVE-2023-6568.yaml
@@ -0,0 +1,57 @@
+id: CVE-2023-6568
+
+info:
+ name: Mlflow - Cross-Site Scripting
+ author: ritikchaddha
+ severity: medium
+ description: |
+ The vulnerability allows an attacker to inject malicious code into the Content-Type header of a POST request,
+ which is then reflected back to the user without proper sanitization or escaping.
+ impact: |
+ Allows attackers to execute malicious scripts in the context of a user's session
+ remediation: |
+ Sanitize and validate user input to prevent XSS attacks
+ reference:
+ - https://huntr.com/bounties/816bdaaa-8153-4732-951e-b0d92fddf709
+ - https://nvd.nist.gov/vuln/detail/CVE-2023-6568
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2023-6568
+ cwe-id: CWE-79
+ epss-score: 0.00046
+ epss-percentile: 0.15636
+ cpe: cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*
+ metadata:
+ max-request: 1
+ vendor: lfprojects
+ product: mlflow
+ shodan-query: http.title:"mlflow"
+ fofa-query: app="MLflow"
+ google-query: intitle:"mlflow"
+ tags: cve,cve2023,mlflow,xss
+
+http:
+ - raw:
+ - |
+ POST /api/2.0/mlflow/users/create HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type:
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - ""
+ - "Invalid content type:"
+ condition: and
+
+ - type: word
+ part: content_type
+ words:
+ - 'text/html'
+
+ - type: status
+ status:
+ - 400
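Review bot: The first entry of the body word matcher is an empty string (`- ""`) and the `Content-Type:` header in the raw request has no value, so as shown the template never verifies that anything was reflected. An empty word matches every body, which leaves the finding resting on `Invalid content type:`, a `text/html` response type and status 400; a fixed server that escapes the echoed value could still satisfy all three and be reported as vulnerable. Unless these values were only lost when the page was rendered, the header should carry a unique marker and the matcher should require that exact string unescaped in the body, e.g. `- "<MARKER_SENT_IN_CONTENT_TYPE>"` (placeholder). The `remediation` field would also be more useful to template consumers if it named the fixed MLflow release from the referenced advisory instead of generic input-sanitisation advice.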