CVE-2023-6014

9.8 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated attackers to create arbitrary user accounts in MLflow deployments, bypassing all authentication requirements. Any organization using MLflow for machine learning workflow management is affected. The flaw enables complete account takeover and privilege escalation.

💻 Affected Systems

Products:
  • MLflow
Versions: All versions prior to 2.9.2
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all MLflow deployments with authentication enabled. The vulnerability exists in the authentication mechanism itself.

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of MLflow instance with administrative privileges, data exfiltration, injection of malicious models, and lateral movement to connected systems.

🟠 Likely Case

Unauthorized users gain access to sensitive ML models, training data, and pipeline configurations, potentially leading to intellectual property theft or model poisoning.

🟢 If Mitigated

Limited impact if MLflow is deployed in isolated environments without internet access and with strict network segmentation.

🌐 Internet-Facing: HIGH - Internet-facing MLflow instances are immediately vulnerable to unauthenticated remote attacks.
🏢 Internal Only: HIGH - Even internal deployments are vulnerable to insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The exploit requires sending specially crafted HTTP requests to the MLflow API endpoints. No authentication or special privileges are needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.9.2 and later

Vendor Advisory: https://github.com/mlflow/mlflow/security/advisories/GHSA-4hq8-xrvm-6hx5

Restart Required: Yes

Instructions:

  1. Upgrade MLflow to version 2.9.2 or later using pip: pip install --upgrade "mlflow>=2.9.2"
  2. Restart all MLflow services
  3. Verify the authentication mechanism is working correctly

🔧 Temporary Workarounds

  • Network Isolation (all platforms): Restrict network access to MLflow instances using firewall rules
  • Reverse Proxy Authentication (all platforms): Implement authentication at the reverse proxy layer before requests reach MLflow

🧯 If You Can't Patch

  • Deploy MLflow behind a reverse proxy with strong authentication (OAuth, SAML, or API key validation)
  • Implement network segmentation to isolate MLflow from untrusted networks and monitor all access attempts

🔍 How to Verify

Check if Vulnerable:

Attempt to create a user account via the MLflow API without authentication. If successful, the system is vulnerable.

Check Version:

python -c "import mlflow; print(mlflow.__version__)"

Verify Fix Applied:

After patching, attempt the same unauthenticated account creation. It should fail with proper authentication errors.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts followed by successful account creation
  • User account creation from unexpected IP addresses
  • Authentication bypass patterns in access logs

Network Indicators:

  • Unusual HTTP POST requests to /api/2.0/mlflow/users/create endpoint without authentication headers
  • Account creation requests from unauthorized sources

SIEM Query:

source="mlflow.logs" AND (event="user_created" OR uri_path="/api/2.0/mlflow/users/create") AND NOT (auth_token EXISTS)
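
The network indicator above, written as an offline log check (an added example, not code from the advisory or the MLflow project). It assumes the server or reverse proxy in front of MLflow writes combined-format access logs in which the third field holds the HTTP Basic username; the sample lines are constructed.

```python
import re

# Assumption: combined log format, where the third field is the HTTP Basic
# username and is "-" when the request carried no credentials.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
CREATE_PATH = "/api/2.0/mlflow/users/create"  # endpoint named in the indicators above


def find_unauthenticated_creates(lines):
    """Return one finding per POST to the user-creation endpoint with no username."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        path = m["target"].split("?", 1)[0].rstrip("/")
        if m["method"] != "POST" or path != CREATE_PATH or m["user"] != "-":
            continue
        status = int(m["status"])
        # 2xx means the account was created; any other status was a rejected attempt.
        verdict = "CREATED" if 200 <= status < 300 else "REJECTED"
        findings.append({"ip": m["ip"], "time": m["ts"],
                         "status": status, "verdict": verdict})
    return findings


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.23 - - [12/Dec/2023:10:14:02 +0000] "POST /api/2.0/mlflow/users/create HTTP/1.1" 200 87 "-" "python-requests/2.31.0"',
    '10.0.4.17 - admin [12/Dec/2023:10:20:45 +0000] "POST /api/2.0/mlflow/users/create HTTP/1.1" 200 91 "-" "python-requests/2.31.0"',
    '203.0.113.9 - - [12/Dec/2023:11:02:10 +0000] "POST /api/2.0/mlflow/users/create HTTP/1.1" 401 52 "-" "curl/8.4.0"',
    '10.0.4.17 - alice [12/Dec/2023:11:05:33 +0000] "GET /api/2.0/mlflow/experiments/search HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in find_unauthenticated_creates(SAMPLE_LOG):
        print(f'{f["verdict"]:8} {f["time"]}  {f["ip"]}  HTTP {f["status"]}')
```

A CREATED finding is an account made without credentials and warrants review of that account; REJECTED findings show probing that the server refused.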
