Description

MLflow is an open source platform for managing the end-to-end machine learning lifecycle

Acunetix determined that it was possible to access MLflow API without authentication.

Remediation

Enable authentication for MLflow

References

MLflow Authentication

Related Vulnerabilities

WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.28)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6625)

Apache solr service exposed

WordPress Plugin W4 Post List Multiple Vulnerabilities (2.4.5)

WordPress Plugin WP-Invoice-Web Invoice and Billing Multiple Vulnerabilities (4.1.0)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Privilege Escalation