
We found results for “”
CVE-2025-1474
Good to know:


Date: March 20, 2025
In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for secure user account management. The issue is fixed in version 2.19.0.
Severity Score
Related Resources (6)
Severity Score
Weakness Type (CWE)
Weak Password Requirements
CWE-521Top Fix

Upgrade Version
Upgrade to version mlflow - 2.19.0;mlflow - 2.19.0;mlflow - 2.19.0;https://github.com/mlflow/mlflow.git - v2.19.0
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | HIGH |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | HIGH |
Availability (A): | NONE |