CVE-2023-43472

Name of the Vulnerable Software and Affected Versions MLFlow versions 2.8.1 and before

Description An issue in MLFlow allows a remote attacker to obtain sensitive information via a crafted request to the REST API. Approximately 4,120 devices are potentially affected, mainly distributed in the United States, Germany, and other countries.

Recommendations For MLFlow versions 2.8.1 and before, consider restricting access to the REST API until a patch is available. As a temporary workaround, avoid using the REST API for sensitive information exchange until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.