mlflow is vulnerable to Improper Access Control
81
High Risk
Affected versions of this package are vulnerable to missing authorization on trace API endpoints when the MLflow tracking server runs with authentication enabled (--app-name basic-auth). Trace operations such as searching and reading traces, deleting traces, modifying trace tags, and linking traces to runs did not enforce experiment-level permissions. Any authenticated user could access and modify traces from experiments they were not authorized to use, exposing sensitive LLM prompts, responses, function arguments, and audit data. The root cause was missing entries for trace endpoint handlers in the server's BEFORE_REQUEST_VALIDATORS map, so authorization checks were skipped for those routes.
You are affected if you run the MLflow tracking server with authentication enabled (--app-name basic-auth) and are using a version that falls within the vulnerable range.
mlflow is vulnerable to Improper Access Control in versions 2.14.2 - 3.12.0.
Upgrade the mlflow library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant