Description

MLflow is an open source platform for managing the end-to-end machine learning lifecycle

Invicti determined that it was possible to access MLflow API without authentication.

Remediation

Enable authentication for MLflow

References

MLflow Authentication

Related Vulnerabilities

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1159)

ASP.NET login credentials stored in plain text

WordPress Plugin Breadcrumb NavXT Information Disclosure (6.1.0)

Cookies Not Marked as HttpOnly

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3818)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Privilege Escalation