TorchServe Management API Publicly Exposed

Severity: High
Summary

Invicti identified that the TorchServe Management API is publicly exposed on the target web server. TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In the default configuration, the TorchServe Management API is designed to be accessed inside trusted environments. It's not recommended to have the TorchServe Management API publicly accessible.

Impact

This vulnerability allows unauthenticated attackers to expose sensitive information or use the API to conduct further attacks.

Remediation

It's recommended to restrict access to this service on production systems.
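
One way to check for this exposure from the server side, as an added example that is not Invicti's or TorchServe's own code: the script reads a TorchServe `config.properties` and reports whether each listener binds to loopback, to all interfaces, or to a specific network address. It assumes TorchServe's documented `inference_address`, `management_address` and `metrics_address` keys and their loopback defaults; the sample config is constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed from TorchServe's documentation: every listener defaults to loopback.
DEFAULTS = {
    "inference_address": "http://127.0.0.1:8080",
    "management_address": "http://127.0.0.1:8081",
    "metrics_address": "http://127.0.0.1:8082",
}

def parse_properties(text):
    """Parse the key=value lines of a config.properties file."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def classify(address):
    """Return 'local', 'all-interfaces' or 'network' for a bind address."""
    host = urlsplit(address).hostname or ""
    # A Unix domain socket or localhost is not reachable over the network.
    if address.startswith("unix:") or host == "localhost":
        return "local"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "network"  # other hostname: treat as reachable until checked
    if ip.is_loopback:
        return "local"
    return "all-interfaces" if ip.is_unspecified else "network"

def audit(text):
    """Map each TorchServe listener to (address, exposure), applying defaults."""
    props = {**DEFAULTS, **parse_properties(text)}
    return {key: (props[key], classify(props[key])) for key in DEFAULTS}

# Constructed sample config, not taken from a real deployment.
SAMPLE = """\
inference_address=http://0.0.0.0:8080
management_address=http://0.0.0.0:8081
"""

if __name__ == "__main__":
    for key, (addr, exposure) in audit(SAMPLE).items():
        print(f"{key:20} {addr:28} {exposure}")
```

A `management_address` reported as anything other than `local` is the condition to correct, either by binding it back to loopback or by placing network access controls in front of it.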
