Description

MLflow is an open source platform for managing the end-to-end machine learning lifecycle

Acunetix determined that it was possible to access MLflow API without authentication.

Remediation

Enable authentication for MLflow

References

MLflow Authentication

Related Vulnerabilities

Delve Debugger Unauthorized Access Vulnerability

Insecure Protocol Detected in Content Security Policy (CSP)

Request Smuggling

WordPress 5.8 Multiple Vulnerabilities (5.8)

GraphQL Introspection Query Enabled

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Privilege Escalation