CVE-2023-6023
Published: 16 November 2023
Summary
CVE-2023-6023 is a high-severity Path Traversal: '\..\filename' (CWE-29) vulnerability in Vertaai Modeldb. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked in the top 2.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Other Platforms; in the Privacy and Disclosure risk domain; MITRE ATLAS techniques in scope: AML.T1083.001, AML.T1005.001, Invert AI Model (AML.T0024.001).
Deeper analysis
CVE-2023-6023 is a local file inclusion vulnerability present in the ModelDB server. It stems from improper handling of the artifact_path URL parameter, which permits an attacker to read arbitrary files from the underlying server filesystem. The flaw is tracked under CWE-22 and CWE-29 and carries a CVSS 3.1 score of 7.5.
Remote attackers require no authentication or user interaction to exploit the issue, enabling them to retrieve any readable file on the host and resulting in high confidentiality impact without affecting integrity or availability.
The vulnerability was reported via huntr.com bounties. Its EPSS score reached a peak of 0.5119 and currently stands at 0.4794.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-58283
Vulnerability details
An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Other Platforms
- Risk Domain
- Privacy and Disclosure
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- ModelDB is an open-source ML model management and metadata store platform, fitting 'Other Platforms' as it handles ML experiments, models, and artifacts, and the vulnerability is reported on an AI/ML bug bounty platform (huntr).
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The LFI vulnerability (CVE-2023-6023) in the artifact_path URL parameter enables arbitrary file reads from the server's local filesystem (T1005: Data from Local System) and is exploitable via a public-facing web application (T1190: Exploit Public-Facing Application).
MITRE ATLAS TechniquesAI
MITRE ATLAS techniques
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.