GHSA-4qq5-mxxx-m6gg
- Source
- https://github.com/advisories/GHSA-4qq5-mxxx-m6gg
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-4qq5-mxxx-m6gg/GHSA-4qq5-mxxx-m6gg.json
- Aliases
-
- BIT-mlflow-2023-6014
- CVE-2023-6014
- Published
- 2023-11-16T21:30:46Z
- Modified
- 2023-11-25T08:11:35.967719Z
- Details
-
An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirement.
- References
Affected packages
PyPI / mlflow
Package
- Name
- mlflow
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0The exact introduced commit is unknownLast affected2.5.0
Affected versions
0.*
0.0.1
0.1.0
0.2.0
0.2.1
0.3.0
0.4.0
0.4.1
0.4.2
0.5.0
0.5.1
0.5.2
0.6.0
0.7.0
0.8.0
0.8.1
0.8.2
0.9.0
0.9.0.1
0.9.1
1.*
1.0.0
1.1.0
1.1.1.dev0
1.2.0
1.3.0
1.4.0
1.5.0
1.6.0
1.7.0
1.7.1
1.7.2
1.8.0
1.9.0
1.9.1
1.10.0
1.11.0
1.12.0
1.12.1
1.13
1.13.1
1.14.0
1.14.1
1.15.0
1.16.0
1.17.0
1.18.0
1.19.0
1.20.0
1.20.1
1.20.2
1.21.0
1.22.0
1.23.0
1.23.1
1.24.0
1.25.0
1.25.1
1.26.0
1.26.1
1.27.0
1.28.0
1.29.0
1.30.0
1.30.1
2.*
2.0.0rc0
2.0.0
2.0.1
2.1.0
2.1.1
2.2.0
2.2.1
2.2.2
2.3.0
2.3.1
2.3.2
2.4.0
2.4.1
2.4.2
2.5.0