PT-2023-32477 · Mlflow · Mlflow

Published

2023-11-16

·

Updated

2023-11-24

·

CVE-2023-6014

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions MLflow (affected versions not specified)
Description The issue allows an attacker to arbitrarily create an account in MLflow, bypassing any authentication requirement.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-598

Related Identifiers

BIT-MLFLOW-2023-6014
CVE-2023-6014
GHSA-4QQ5-MXXX-M6GG

Affected Products

Mlflow