Vulnerabilities > CVE-2023-49795 - Server-Side Request Forgery (SSRF) vulnerability in Mindsdb

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
mindsdb
CWE-918

Summary

MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a server-side request forgery vulnerability in `file.py`. This can lead to limited information disclosure. Users should use MindsDB's `staging` branch or v23.11.4.1, which contain a fix for the issue.

Vulnerable Configurations

Part Description Count
Application
Mindsdb
218

Common Weakness Enumeration (CWE)