By default, MLflow does not require authentication to access the application. When enabling authentication, MLflow will enforce a basic authentication with default credentials. If not updated, a remote and unauthenticated attacker could access the MLflow UI and peform arbitrary actions on it.
No source data
Vendor | Product | Version | CPE |
---|---|---|---|
lfprojects | mlflow | * | cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:* |