id: mlflow-unauth info: name: Mlflow - Unauthenticated Access author: pussycat0x severity: high description: | Unauthenticated Access to MLflow dashboard. remediation: Add User Authentication metadata: verified: "true" shodan-query: http.title:"mlflow" tags: unauth,mlflow,oss requests: - method: GET path: - "{{BaseURL}}/ajax-api/2.0/preview/mlflow/experiments/get?experiment_id=0" matchers-condition: and matchers: - type: word part: body words: - "experiment_id" - "name" - "artifact_location" condition: and - type: status status: - 200 extractors: - type: regex part: body name: version internal: true group: 1 regex: - '"version": "([0-9.]+)",'