CVE-2023-6022

Name of the Vulnerable Software and Affected Versions prefect versions prior to 2.16.5

Description The issue allows an attacker to steal secrets and potentially gain remote code execution via Cross-Site Request Forgery (CSRF) using the Prefect API. This can be exploited in self-hosted, open source Prefect API setups.

Recommendations For versions prior to 2.16.5, update to version 2.16.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the Prefect API to minimize the risk of exploitation.