Critical severityNVD Advisory· Published Nov 16, 2023· Updated Sep 4, 2024
MLflow Authentication Bypass
CVE-2023-6014
Description
An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mlflowPyPI | < 2.8.0 | 2.8.0 |
Affected products
3Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-4qq5-mxxx-m6ggghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-6014ghsaADVISORY
- github.com/mlflow/mlflow/commit/32de2154ef9f946160e5dc01a4d8a449dd0bd259ghsaWEB
- github.com/mlflow/mlflow/issues/9669ghsaWEB
- github.com/mlflow/mlflow/pull/9700ghsaWEB
- github.com/mlflow/mlflow/releases/tag/v2.8.0ghsaWEB
- huntr.com/bounties/3e64df69-ddc2-463e-9809-d07c24dc1de4ghsaWEB
News mentions
0No linked articles in our index yet.