CVE-2023-49795

Published: Dic 11, 2023 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2023-0149 Aliases: GHSA-34mr-6q8x-g9r6, PYSEC-2023-277

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,5

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: low

Integrity: low

Availability: none

Description

AI Translation Available

MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a server-side request forgery vulnerability in `file.py`. This can lead to limited information disclosure. Users should use MindsDB's `staging` branch or v23.11.4.1, which contain a fix for the issue.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0035

Percentile

0,6th

Updated

EPSS Score Trend (Last 90 Days)

918

Server-Side Request Forgery (SSRF)

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality Integrity Access Control

Potential Impacts:

Read Application Data Execute Unauthorized Code Or Commands Bypass Protection Mechanism

Applicable Platforms

Technologies: AI/ML, Web Based, Web Server

View CWE Details

Application

Mindsdb by Mindsdb

Product Information

Vendor Mindsdb

Product Mindsdb

Version Range Affected

To 23.11.4.1 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://github.com/mindsdb/mindsdb/commit/8d13c9c28ebcf3b36…

Patch

https://github.com/mindsdb/mindsdb/commit/8d13c9c28ebcf3b36509eb679378004d4648d…

https://github.com/mindsdb/mindsdb/security/advisories/GHSA…

Vendor Advisory

https://github.com/mindsdb/mindsdb/security/advisories/GHSA-34mr-6q8x-g9r6

https://github.com/mindsdb/mindsdb/commit/8d13c9c28ebcf3b36…

Patch

https://github.com/mindsdb/mindsdb/commit/8d13c9c28ebcf3b36509eb679378004d4648d…

https://github.com/mindsdb/mindsdb/security/advisories/GHSA…

Vendor Advisory

https://github.com/mindsdb/mindsdb/security/advisories/GHSA-34mr-6q8x-g9r6

CVE-2023-49795

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Server-Side Request Forgery (SSRF)

Common Consequences

Applicable Platforms

Mindsdb by Mindsdb

Product Information

Iscriviti alla newsletter