CVE-2023-6014

Summary

An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment.

Affected Software

VendorProductVersion RangeStatus
mlflowmlflow/mlflowunspecified <= latestaffected

Weaknesses

  • CWE-598: CWE-598 Use of GET Request Method With Sensitive Query Strings

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

References