{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46411?format=json","vulnerability_id":"VCID-1r11-xvzt-suhp","summary":"MLflow authentication requirement bypass can allow a user to arbitrarily create an account\nAn attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment.","aliases":[{"alias":"CVE-2023-6014"},{"alias":"GHSA-4qq5-mxxx-m6gg"}],"fixed_packages":[],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34992?format=json","purl":"pkg:pypi/mlflow@2.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1r11-xvzt-suhp"},{"vulnerability":"VCID-7m3u-tyeh-rqgz"},{"vulnerability":"VCID-93v9-5y4m-t7dz"},{"vulnerability":"VCID-an1e-3jdw-7yaw"},{"vulnerability":"VCID-cu1t-7wnm-y7hk"},{"vulnerability":"VCID-deyg-v3z9-6fet"},{"vulnerability":"VCID-ep2z-9m6r-6ubu"},{"vulnerability":"VCID-g9p5-4cqv-qfew"},{"vulnerability":"VCID-hz26-bm34-gkfx"},{"vulnerability":"VCID-j3ax-7a88-f7ff"},{"vulnerability":"VCID-jbuf-3rr2-5kcv"},{"vulnerability":"VCID-ns8z-pwe6-vbby"},{"vulnerability":"VCID-pzmb-xzk9-s7dy"},{"vulnerability":"VCID-rcqb-2498-77e2"},{"vulnerability":"VCID-s76e-s9ut-2bdq"},{"vulnerability":"VCID-saca-pg4n-xucu"},{"vulnerability":"VCID-syg7-c85s-4ufu"},{"vulnerability":"VCID-vd8p-48kf-yyg6"},{"vulnerability":"VCID-wwe2-hxs5-t7eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.5.0"}],"references":[{"reference_url":"https://github.com/mlflow/mlflow/issues/9669","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mlflow/mlflow/issues/9669"},{"reference_url":"https://huntr.com/bounties/3e64df69-ddc2-463e-9809-d07c24dc1de4","reference_id":"","reference_type":"","scores":[],"url":"https://huntr.com/bounties/3e64df69-ddc2-463e-9809-d07c24dc1de4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6014","reference_id":"CVE-2023-6014","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-6014"},{"reference_url":"https://github.com/advisories/GHSA-4qq5-mxxx-m6gg","reference_id":"GHSA-4qq5-mxxx-m6gg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4qq5-mxxx-m6gg"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1r11-xvzt-suhp"}