First published: Thu Nov 16 2023(Updated: )
An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment.
An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirement.
Credit: email@example.com firstname.lastname@example.org
|Affected Software||Affected Version||How to fix|
CVE-2023-6014 is a vulnerability that allows an attacker to create an account in MLflow without authentication.
CVE-2023-6014 has a severity level of critical, with a CVSS score of 9.1.
MLflow version up to and including 2.5.0 is affected by CVE-2023-6014.
To fix CVE-2023-6014, update to a version of MLflow that is higher than 2.5.0.
You can find more information about CVE-2023-6014 on the following references: [Huntr](https://huntr.com/bounties/3e64df69-ddc2-463e-9809-d07c24dc1de4), [NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-6014), [GitHub Advisory](https://github.com/advisories/GHSA-4qq5-mxxx-m6gg).