Vertaai/modeldb - Path Traversal (CVE-2023-6023)
186 exploiting IPs reported
An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter.
CrowdSec analysis
CVE-2023-6023 is a vulnerability affecting ModelDB, allowing attackers to read arbitrary files from the server’s filesystem via a crafted request exploiting a path traversal weakness.
CrowdSec has been tracking this vulnerability and its exploits since the 7th of May 2025.
Insights from the CrowdSec network reveal that the attackers trying to exploit CVE-2023-6023 are a fairly even mix of opportunistic and targeted actors. Some attackers employ preliminary reconnaissance, while others use indiscriminate scanning. In addition, according to the CrowdSec network, attack volume against CVE-2023-6023 has dipped slightly compared to the previous week. Although the CVE is still commonly targeted, the decline suggests a cooling-off period. Long-term relevance remains, but attention is waning.
Observed exploitation attempts focus on URLs containing /api/v1/artifact/getartifact.
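A defender can look for the same pattern in their own web server logs. The following is an added example, not CrowdSec's detection rule or ModelDB code: it assumes a combined-format access log, flags requests to the endpoint above whose `artifact_path` value contains a `..` path segment after nested percent-decoding, and runs on constructed sample lines.

```python
import re
from urllib.parse import urlsplit, unquote

ENDPOINT = "/api/v1/artifact/getartifact"  # URL path named on this page
PARAM = "artifact_path"                    # URL parameter named on this page
# Client IP and request target of a combined-format log line (assumed format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Undo nested percent-encoding (%252e -> %2e -> .), with a bounded loop."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(raw_value):
    """True if any path segment equals '..' once / and \\ are treated alike."""
    return ".." in re.split(r"[\\/]+", fully_decode(raw_value))

def suspicious_requests(log_lines):
    """Return (client_ip, raw_parameter_value) for each traversal attempt."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.lower().rstrip("/").endswith(ENDPOINT):
            continue
        # Split the query by hand so the raw, still-encoded value is reported.
        for pair in url.query.split("&"):
            name, _, raw = pair.partition("=")
            if unquote(name) == PARAM and has_traversal(raw):
                hits.append((m.group("ip"), raw))
    return hits

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [07/May/2025:10:00:01 +0000] "GET /api/v1/artifact/getArtifact?artifact_path=models/run1/weights.bin HTTP/1.1" 200 512',
    '203.0.113.5 - - [07/May/2025:10:00:02 +0000] "GET /api/v1/artifact/getArtifact?artifact_path=../../../etc/passwd HTTP/1.1" 200 1843',
    '203.0.113.9 - - [07/May/2025:10:00:03 +0000] "GET /api/v1/artifact/getartifact?artifact_path=%252e%252e%252f%252e%252e%252fetc%252fhostname HTTP/1.1" 404 0',
    '192.0.2.44 - - [07/May/2025:10:00:04 +0000] "GET /api/v1/artifact/getArtifact?artifact_path=reports/v1..2/summary.txt HTTP/1.1" 200 77',
    '192.0.2.45 - - [07/May/2025:10:00:05 +0000] "GET /static/../index.html HTTP/1.1" 400 0',
]

if __name__ == "__main__":
    for ip, raw in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} sent traversal in {PARAM}: {raw}")
```

A hit with a 200 status deserves priority review, since it may mean file contents were returned.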
Exploitation
Get real-time information about exploitation attempts and actors involved.
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.