mlflow Basic Auth App Tracing and Assessment Endpoint Access Control Vulnerability

Vulnerability

A vulnerability exists in the latest version of mlflow when the basic-auth application is enabled. The tracing and assessment endpoints lack proper permission validation, allowing any authenticated user, even one with NO_PERMISSIONS on the experiment, to read trace information and create assessments for traces they should not be able to access. This issue affects deployments started with 'mlflow server --app-name=basic-auth'.

Impact

This vulnerability allows unauthorized users to read sensitive trace metadata and to create assessments on traces they should not have access to.

Reproduction

To reproduce this vulnerability, first install mlflow with 'pip install -e .' and 'pip install Flask-WTF'. Then, start an mlflow server with the basic-auth app enabled, using a configuration file that sets the default permission to NO_PERMISSIONS. After the server is running, create a non-admin user and a private experiment. The user can then read trace information and create assessments on traces they should not have access to.

Added: Mar 27, 2026, 5:43 PM
Updated: Mar 27, 2026, 5:43 PM

Vulnerability Rating (Custom Algorithm)

  spread          5.7
  impact          1.3
  exploitability  6.2
  remediation     0.0
  relevance       4.8
  threat          6.4
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.