2 matches found
CVE-2023-6014 MLflow Authentication Bypass
An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment...
CVE-2023-6014
CVE-2023-6014 affects MLflow and describes an authentication bypass that lets an attacker arbitrarily create accounts via the MLflow server/UI without credentials. Documentation in connected sources confirms the vulnerability stems from bypassing MLflow’s authentication mechanism (basic auth path...