An attacker can overwrite any file on the server hosting MLflow without any authentication.
{ "severity": "Critical", "cpes": [ "cpe:2.3:a:lfprojects:mlflow:-:*:*:*:*:*:*:*" ] }