We use cookies to improve your experience on our site.
AVID-2026-R1298
Description
MindsDB Server-Side Request Forgery vulnerability (CVE-2023-49795)
Details
MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a server-side request forgery vulnerability in file.py. This can lead to limited information disclosure. Users should use MindsDB’s staging branch or v23.11.4.1, which contain a fix for the issue.
Reason for inclusion in AVID: CVE-2023-49795 is a server-side request forgery vulnerability in MindsDB server (AI data/model integration platform) prior to 23.11.4.1. This is a software vulnerability affecting an AI-related server component used in AI pipelines to connect models to real-time data. It concerns the AI software stack (deployment/runtime) rather than hardware/firmware. It has clear CVE signaling, impact (information disclosure), and a fixed version, making it relevant to the software supply chain for general-purpose AI systems.
References
- NVD entry
- https://github.com/mindsdb/mindsdb/security/advisories/GHSA-34mr-6q8x-g9r6
- https://github.com/mindsdb/mindsdb/commit/8d13c9c28ebcf3b36509eb679378004d4648d8fe
Affected or Relevant Artifacts
- Developer: mindsdb
- Deployer: mindsdb
- Artifact Details:
| Type | Name |
|---|---|
| System | mindsdb |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
| Base Score | 6.5 |
| Base Severity | 🟠 Medium |
| Attack Vector | NETWORK |
| Attack Complexity | 🟢 Low |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | 🟢 Low |
| Integrity Impact | 🟢 Low |
| Availability Impact | NONE |
CWE
| ID | Description |
|---|---|
| CWE-918 | CWE-918: Server-Side Request Forgery (SSRF) |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2023-12-11
- Version: 0.3.3
- AVID Entry