CVE-2023-6023
published 2023-11-16CVE-2023-6023: An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter.
PriorityP277high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
3.00%
85.7th percentile
An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vertaai | vertaai_modeldb | unspecified – latest | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Look for GET requests to /api/v1/artifact/getArtifact with path traversal sequences (e.g., ../) in the artifact_path parameter. ↗
- →Successful exploitation returns HTTP 200 with Content-Type header containing 'application/octet-stream' and 'filename=' alongside file contents (e.g., /etc/passwd pattern root:.*:0:0:) in the response body. ↗
- →Use Shodan query 'http.favicon.hash:-2097033750' or 'http.title:"verta ai"' to identify exposed ModelDB instances. ↗
- →Use FOFA query 'icon_hash=-2097033750' or 'title="verta ai"' to identify exposed ModelDB instances. ↗
- ·The vulnerability is unauthenticated (PR:N) and network-accessible (AV:N), meaning no credentials are required to exploit the path traversal endpoint. ↗
- ·The root cause is the complete absence of validation and sanitization on the artifact_path parameter; any file readable by the server process can be exfiltrated. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv3.08.6HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qr8v-2mxv-xrj9: An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter
ghsa_unreviewed·2023-11-16
CVE-2023-6023 [HIGH] CWE-22 GHSA-qr8v-2mxv-xrj9: An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter
An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter.
VulnCheck
vertaai modeldb Path Traversal: '\..\filename'
vulncheck·2023·CVSS 7.5
CVE-2023-6023 [HIGH] vertaai modeldb Path Traversal: '\..\filename'
vertaai modeldb Path Traversal: '\..\filename'
An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter.
Affected: vertaai modeldb
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-09-11&host_type=src&vulnerability=cve-2023-6023; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-09-12&host_type=src&vulnerability=cve-2023-6023; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-09-14&host_type=src&vulnerability=cve-2023-6023; https://dashboard
No detection rules found.
Nuclei
VertaAI ModelDB - Path Traversal
nuclei·CVSS 7.5
CVE-2023-6023 [HIGH] VertaAI ModelDB - Path Traversal
VertaAI ModelDB - Path Traversal
The endpoint "/api/v1/artifact/getArtifact?artifact_path=" is vulnerable to path traversal. The main cause of this vulnerability is due to the lack of validation and sanitization of the artifact_path parameter.
Template:
id: CVE-2023-6023
info:
name: VertaAI ModelDB - Path Traversal
author: m0ck3d,cookiehanhoan
severity: high
description: |
The endpoint "/api/v1/artifact/getArtifact?artifact_path=" is vulnerable to path traversal. The main cause of this vulnerability is due to the lack of validation and sanitization of the artifact_path parameter.
impact: |
Attackers can potentially exploit this vulnerability to perform a relative path traversal attack, which can lead to unauthorized access to sensitive local files on the server. As an impact it is know
No writeups or analysis indexed.
2023-11-16
Published
Exploited in the wild