Cyber Resilience

CVE-2023-6974

CriticalPublic PoC

Published: 20 December 2023

Published
20 December 2023
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0259 85.9th percentile
Risk Priority 21 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-6974 is a critical-severity SSRF (CWE-918) vulnerability in Lfprojects Mlflow. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210); ranked in the top 14.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Other Platforms; in the Supply Chain and Deployment risk domain; MITRE ATLAS techniques in scope: AML.T0033, Verify Attack (AML.T0042).

EU & UK References

Vulnerability details

A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get a remote code execution on the victim machine.

CWE(s)

AI Security AnalysisAI

AI Category
Other Platforms
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Vulnerability reported on Huntr, a bug bounty platform specifically for AI/ML projects, indicating it affects an AI/ML-related software/platform. Description involves SSRF-like access to internal servers and potential RCE, typical infrastructure issue in deployed AI services, but no specific framework or library mentioned.

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Why these techniques?

The vulnerability allows a malicious user to access internal HTTP(S) servers and achieve remote code execution on the victim machine (e.g., AWS instance), directly facilitating exploitation of remote services.

MITRE ATLAS TechniquesAI

MITRE ATLAS techniques

AML.T0033AML.T0042: Verify Attack

Affected Assets

lfprojects
mlflow
≤ 2.9.2

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-918

Penetration testing attempts server-side requests to internal resources, identifying SSRF weaknesses for remediation.

addresses: CWE-918

Outbound connections to external resources can be monitored and limited at the boundary, reducing SSRF impact.

addresses: CWE-918

Validates server-side URLs and resource references to block SSRF attempts.

addresses: CWE-918

Detects server-side request forgery through monitoring of unexpected outbound connections.

References