Cyber Resilience

CVE-2023-6023

HighPublic PoC

Published: 16 November 2023

Published
16 November 2023
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score 0.4794 97.8th percentile
Risk Priority 44 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-6023 is a high-severity Path Traversal: '\..\filename' (CWE-29) vulnerability in Vertaai Modeldb. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked in the top 2.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Other Platforms; in the Privacy and Disclosure risk domain; MITRE ATLAS techniques in scope: AML.T1083.001, AML.T1005.001, Invert AI Model (AML.T0024.001).

Deeper analysis

CVE-2023-6023 is a local file inclusion vulnerability present in the ModelDB server. It stems from improper handling of the artifact_path URL parameter, which permits an attacker to read arbitrary files from the underlying server filesystem. The flaw is tracked under CWE-22 and CWE-29 and carries a CVSS 3.1 score of 7.5.

Remote attackers require no authentication or user interaction to exploit the issue, enabling them to retrieve any readable file on the host and resulting in high confidentiality impact without affecting integrity or availability.

The vulnerability was reported via huntr.com bounties. Its EPSS score reached a peak of 0.5119 and currently stands at 0.4794.

EU & UK References

Vulnerability details

An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter.

CWE(s)

AI Security AnalysisAI

AI Category
Other Platforms
Risk Domain
Privacy and Disclosure
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
ModelDB is an open-source ML model management and metadata store platform, fitting 'Other Platforms' as it handles ML experiments, models, and artifacts, and the vulnerability is reported on an AI/ML bug bounty platform (huntr).

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The LFI vulnerability (CVE-2023-6023) in the artifact_path URL parameter enables arbitrary file reads from the server's local filesystem (T1005: Data from Local System) and is exploitable via a public-facing web application (T1190: Exploit Public-Facing Application).

MITRE ATLAS TechniquesAI

MITRE ATLAS techniques

AML.T1083.001AML.T1005.001AML.T0024.001: Invert AI Model

Affected Assets

vertaai
modeldb
all versions

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.

References