Unrestricted access to MLflow
Description
MLflow is an open-source platform for managing the end-to-end machine learning lifecycle, including experiment tracking, model registry, and deployment.
This vulnerability exists when MLflow is deployed without authentication enabled, allowing unrestricted access to the MLflow API and web interface. By default, MLflow does not enforce authentication, which means anyone with network access can interact with the platform without providing credentials.
Remediation
Enable MLflow's built-in authentication mechanism to restrict access to authorized users only. Follow these steps:
1. Create an authentication configuration file (e.g., basic_auth.ini) with authorized users and their credentials
2. Set the following environment variables before starting MLflow:
   export MLFLOW_AUTH_CONFIG_PATH="path/to/basic_auth.ini"
   export MLFLOW_TRACKING_USERNAME="admin"
   export MLFLOW_TRACKING_PASSWORD="secure_password"
3. Start the MLflow server with authentication enabled:
   mlflow server --app-name basic-auth --host 0.0.0.0 --port 5000
4. For production deployments, consider implementing additional security measures such as placing MLflow behind a reverse proxy with TLS/SSL encryption, integrating with enterprise identity providers (LDAP, OAuth, SAML), and implementing network-level access controls to restrict access to trusted networks only.
Refer to the official MLflow Authentication documentation for detailed configuration options and best practices.
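To confirm the remediation took effect on your own deployment, the following added example (not part of the original advisory and not MLflow's own code) sends one anonymous request to the server's REST API and reports whether it is rejected. The function name check_auth, the choice of the experiments/search call as the probe, and treating 403 as well as 401 as "enforced" are assumptions of this example.

```python
import base64
import json
import sys
import urllib.error
import urllib.request

# Probe target: MLflow's REST "search experiments" call (chosen for this example).
PROBE_PATH = "/api/2.0/mlflow/experiments/search"
# Ignore proxy environment variables so the request reaches the server directly.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def _status(url, extra_headers):
    """POST a minimal search request and return the HTTP status code."""
    req = urllib.request.Request(
        url,
        data=json.dumps({"max_results": 1}).encode(),
        headers={"Content-Type": "application/json", **extra_headers},
        method="POST",
    )
    try:
        with _OPENER.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:  # 4xx/5xx arrive as exceptions
        return exc.code


def check_auth(base_url, username=None, password=None):
    """Report whether anonymous API calls are rejected (401/403, an assumption)."""
    url = base_url.rstrip("/") + PROBE_PATH
    anon = _status(url, {})
    result = {"anonymous_status": anon, "auth_enforced": anon in (401, 403)}
    if username is not None:
        # Optional second probe: valid credentials should still be accepted.
        token = base64.b64encode(f"{username}:{password}".encode()).decode()
        result["credentialed_status"] = _status(url, {"Authorization": f"Basic {token}"})
    return result


if __name__ == "__main__":
    # Usage: python check_mlflow_auth.py http://127.0.0.1:5000 [user password]
    if len(sys.argv) < 2:
        sys.exit("usage: check_mlflow_auth.py BASE_URL [USER PASSWORD]")
    report = check_auth(*sys.argv[1:4])
    print(report)
    sys.exit(0 if report["auth_enforced"] else 1)
```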