id: mlflow-unauth info: name: Mlflow - Unauthenticated Access author: pussycat0x severity: high description: | Unauthenticated Access to MLflow dashboard. remediation: Add User Authentication metadata: max-request: 1 verified: true shodan-query: http.title:"mlflow" tags: unauth,mlflow,oss,misconfig http: - method: GET path: - "{{BaseURL}}/ajax-api/2.0/preview/mlflow/experiments/get?experiment_id=0" matchers-condition: and matchers: - type: word part: body words: - "experiment_id" - "name" - "artifact_location" condition: and - type: status status: - 200