Description
MLflow is an open source platform for managing the end-to-end machine learning lifecycle
Invicti determined that it was possible to access MLflow API without authentication.
Remediation
Enable authentication for MLflow
References
Related Vulnerabilities
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1159)
ASP.NET login credentials stored in plain text
WordPress Plugin Breadcrumb NavXT Information Disclosure (6.1.0)
Cookies Not Marked as HttpOnly
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3818)