Critical flaw in AI testing framework MLflow can lead to server and data compromise


A serious vulnerability in the open-source framework MLflow, which many companies use to manage their machine-learning experiments and track results, has been patched. The vulnerability could have allowed attackers to steal sensitive data from servers, including SSH keys and AWS credentials.

Because MLflow doesn’t implement authentication by default and a rising number of MLflow deployments are directly exposed to the internet, the attacks can be carried out remotely without authorization. MLflow is managed through a REST API and a command-line interface. All of these characteristics make the framework a useful tool for any firm testing machine learning.
