CVE-2023-49795 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2023-49795

CVE-2023-49795

December 11, 2023

MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a server-side request forgery vulnerability in `file.py`. This can lead to limited information disclosure. Users should use MindsDB's `staging` branch or v23.11.4.1, which contain a fix for the issue.

Related Resources (5)

https://github.com/mindsdb/mindsdb/security/advisories/GHSA-34mr-6q8x-g9r6

https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2023-277.yaml

https://github.com/mindsdb/mindsdb

https://github.com/mindsdb/mindsdb/commit/8d13c9c28ebcf3b36509eb679378004d4648d8fe

https://nvd.nist.gov/vuln/detail/CVE-2023-49795

Do you need more information?

CVSS v4

Base Score:

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

EPSS

Base Score:

0.35

Products

Solutions

Resources

Company

Compare

Developer Tools