CVE-2023-6974
Published: 20 December 2023
Summary
CVE-2023-6974 is a critical-severity SSRF (CWE-918) vulnerability in Lfprojects Mlflow. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked in the top 14.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Other Platforms; in the Supply Chain and Deployment risk domain; MITRE ATLAS techniques in scope: AML.T0033, Verify Attack (AML.T0042).
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-3113
Vulnerability details
A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Other Platforms
- Risk Domain
- Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Vulnerability reported on Huntr, a bug bounty platform specifically for AI/ML projects, indicating it affects an AI/ML-related software/platform. Description involves SSRF-like access to internal servers and potential RCE, typical infrastructure issue in deployed AI services, but no specific framework or library mentioned.
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability allows a malicious user to access internal HTTP(S) servers and achieve remote code execution on the victim machine (e.g., AWS instance), directly facilitating exploitation of remote services.
MITRE ATLAS TechniquesAI
MITRE ATLAS techniques
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Penetration testing attempts server-side requests to internal resources, identifying SSRF weaknesses for remediation.
Outbound connections to external resources can be monitored and limited at the boundary, reducing SSRF impact.
Validates server-side URLs and resource references to block SSRF attempts.
Detects server-side request forgery through monitoring of unexpected outbound connections.