CVE-2023-1177

This PoC exploits an SSRF vulnerability in MLflow's model registry API to read arbitrary files. It creates a model, updates it with a malicious source path, and retrieves the file content via the artifact endpoint.

This repository contains a functional Proof-of-Concept (PoC) exploit for CVE-2023-1177, a Local File Inclusion (LFI) vulnerability in MLflow versions <= 2.1.1. The exploit leverages the `/model-versions/get-artifact` endpoint to read arbitrary files on the server by manipulating the `source` field of a model version.

This repository contains a writeup describing a Local File Inclusion (LFI) and Remote File Inclusion (RFI) vulnerability in MLflow versions before 2.2.1. The vulnerability allows an attacker to read arbitrary files on the server's filesystem due to insufficient input sanitization in the API for retrieving model versions and registered models.

This repository provides a Docker-based proof-of-concept for CVE-2023-1177, demonstrating the vulnerability in MLflow v2.0.0 by comparing it with a patched version (v2.2.0). The setup includes vulnerable and non-vulnerable configurations with MinIO and MySQL dependencies.

This PoC exploits CVE-2023-1177, a directory traversal vulnerability in MLflow's AJAX API, allowing unauthorized access to arbitrary files. The script creates a registered model, updates it with a malicious source path, and retrieves the target file (flag.txt).

This PoC exploits a path traversal vulnerability in MLflow < 2.1.1 (CVE-2023-1177) by creating a model with a unique name and then accessing arbitrary files (e.g., /etc/passwd) via a crafted request. The script automates the exploitation process by interacting with MLflow's REST API.