Description

MLflow is an open source platform for managing the end-to-end machine learning lifecycle

Acunetix determined that it was possible to access MLflow API without authentication.

Remediation

Enable authentication for MLflow

References

MLflow Authentication

Related Vulnerabilities

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-14641)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-5730)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2039)

Spring Boot Misconfiguration: Datasource credentials stored in the properties file

MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9411)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Privilege Escalation