CVE-2023-6568

moderate-risk
Published 2023-12-07

A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the user without adequate sanitization or escaping, leading to arbitrary JavaScript execution in the context of the victim's browser. The vulnerability is present in the mlflow/server/auth/__init__.py file, where the user-supplied Content-Type header is directly injected into a Python formatted string and returned to the user, facilitating the XSS attack.

Do I need to act?

!
33.4% chance of exploitation in next 30 days
EPSS score — higher than 67% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Lfprojects

References (4)

Patch https://github.com/mlflow/mlflow/commit/28ff3f94994941e038f2172c6484b65dc4db6ca1
Exploit https://huntr.com/bounties/816bdaaa-8153-4732-951e-b0d92fddf709
Patch https://github.com/mlflow/mlflow/commit/28ff3f94994941e038f2172c6484b65dc4db6ca1
Exploit https://huntr.com/bounties/816bdaaa-8153-4732-951e-b0d92fddf709
44
/ 100
moderate-risk
Severity 23/34 · High
Exploitability 16/34 · Moderate
Exposure 5/34 · Minimal