An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment.
The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Mlflow | Lfprojects | * | * |