TorchServe Management API publicly exposed - Vulnerability Database

TorchServe Management API publicly exposed

Description

TorchServe is a production-grade serving framework for PyTorch machine learning models. The TorchServe Management API provides administrative capabilities for model registration, scaling, and configuration management. This API is designed for use exclusively within trusted internal networks and should never be exposed to the public internet. When publicly accessible, it allows unauthorized users to interact with critical management functions without authentication.

Remediation

Immediately restrict access to the TorchServe Management API using network-level controls:

1. Configure firewall rules to block external access to the management port (default: 8081) and only allow connections from trusted internal IP addresses or networks
2. If using cloud infrastructure, apply security group rules or network ACLs to limit access to the management interface
3. Deploy TorchServe behind a reverse proxy or API gateway that enforces authentication and authorization for management endpoints
4. Bind the management API to localhost (127.0.0.1) if management operations are only needed locally. TorchServe takes its bind addresses from the config.properties file passed with --ts-config, so set the management address there:

management_address=http://127.0.0.1:8081

and start the server with that configuration file:

torchserve --start --model-store /path/to/models --ts-config config.properties

5. Use separate network segments or VPCs to isolate TorchServe management interfaces from public-facing inference endpoints
6. Regularly audit network configurations to ensure the management API remains inaccessible from untrusted networks
7. Update to the latest TorchServe version to ensure all security patches, including fixes for CVE-2023-43654, are applied
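The audit in step 6 can be partly automated by checking the bind address TorchServe will use. The following script, added here as an example and not taken from TorchServe or from the original entry, parses a config.properties file, flags a management_address that is not bound to a loopback address (TorchServe's documented default when the key is absent is http://127.0.0.1:8081, which the script assumes), and produces a corrected copy that keeps the scheme and port but binds to 127.0.0.1. The sample configurations at the bottom are constructed for the demonstration.

```python
import ipaddress
from urllib.parse import urlsplit

# Value TorchServe uses when management_address is not set at all
# (assumption based on the TorchServe configuration documentation).
DEFAULT_MANAGEMENT_ADDRESS = "http://127.0.0.1:8081"


def parse_properties(text):
    """Parse the key=value lines of a config.properties file into a dict.

    Blank lines and lines starting with '#' or '!' are comments and skipped.
    Only the '=' separator is handled, which is the form TorchServe docs use.
    """
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def is_loopback_url(url):
    """True if the host part of url is localhost or a loopback IP."""
    host = urlsplit(url).hostname
    if host is None:
        return False
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        # A DNS name other than localhost: treat as reachable from outside.
        return False


def audit_management_address(text):
    """Return a list of findings; empty means the management API is local-only."""
    props = parse_properties(text)
    addr = props.get("management_address", DEFAULT_MANAGEMENT_ADDRESS)
    if is_loopback_url(addr):
        return []
    return [f"management_address is bound to {addr}, which is reachable beyond the host"]


def harden_management_address(text):
    """Rewrite management_address to bind to 127.0.0.1, keeping scheme and port.

    Lines other than an active management_address= line are copied unchanged.
    If the key is absent the file is returned as-is, since the default is loopback.
    """
    out = []
    for raw in text.splitlines():
        stripped = raw.strip()
        key, sep, value = stripped.partition("=")
        if sep and key.strip() == "management_address" and stripped[0] not in "#!":
            parts = urlsplit(value.strip())
            scheme = parts.scheme or "http"
            port = parts.port or 8081
            out.append(f"management_address={scheme}://127.0.0.1:{port}")
        else:
            out.append(raw)
    return "\n".join(out) + "\n"


# Constructed sample: the weak setting exposes the management API on every interface.
WEAK_CONFIG = """# constructed example config.properties
inference_address=http://0.0.0.0:8080
management_address=http://0.0.0.0:8081
model_store=/path/to/models
"""

# Constructed sample: no management_address key, so TorchServe's loopback default applies.
DEFAULT_CONFIG = """model_store=/path/to/models
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("default", DEFAULT_CONFIG)):
        print(name, audit_management_address(cfg) or "OK: management API is loopback-only")
    print(harden_management_address(WEAK_CONFIG))
```

Run the audit against the config.properties actually passed with --ts-config; a non-empty result means the management port is listening for the whole network, and the hardened file binds it to 127.0.0.1 while leaving the inference address untouched so public-facing inference (step 5) keeps working.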
