Improper Access Control in Artifact Deletion
A broken access control vulnerability in mlflow/mlflow version 2.11.0 allows low-privilege users with only EDIT permissions to delete artifacts. This issue was patched in version 2.10.1.
Available publicly on Apr 26 2024
Threat Overview
The vulnerability arises from insufficient validation of DELETE requests sent by users with EDIT permissions. In a typical setup, EDIT permissions should allow a user to read and update artifacts but not delete them. Because of this vulnerability, a low-privilege user can send a DELETE request to remove artifacts, bypassing the intended access controls and potentially causing unauthorized data loss or system manipulation.
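The following added example is not MLflow code and is not taken from the advisory. It models the class of flaw described above: a per-method authorization check that lets DELETE through on update rights, beside a deny-by-default version, with an audit helper that lists the gaps. The READ and MANAGE levels, the user names, the grants table and all function names are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Permission:
    name: str
    can_read: bool
    can_update: bool
    can_delete: bool

# Capability model as the advisory states it: EDIT may read and update, not delete.
# READ and MANAGE are assumed levels added to make the model complete.
READ = Permission("READ", True, False, False)
EDIT = Permission("EDIT", True, True, False)
MANAGE = Permission("MANAGE", True, True, True)

# Constructed sample grants: (user, experiment_id) -> permission.
GRANTS = {("alice", "1"): MANAGE, ("bob", "1"): EDIT}

# The single capability each HTTP method needs on an artifact route.
REQUIRED = {"GET": "can_read", "PUT": "can_update", "DELETE": "can_delete"}

def authorize_weak(user, experiment_id, method):
    """Hypothetical flawed check: every non-GET method is treated as an update."""
    perm = GRANTS.get((user, experiment_id))
    if perm is None:
        return False
    if method == "GET":
        return perm.can_read
    return perm.can_update  # DELETE falls through to the update right

def authorize_strict(user, experiment_id, method):
    """Deny by default: unknown users and unmapped methods are refused."""
    perm = GRANTS.get((user, experiment_id))
    needed = REQUIRED.get(method)
    if perm is None or needed is None:
        return False
    return getattr(perm, needed)

def audit(authorize):
    """Return (user, method) pairs a check allows but the capability model forbids."""
    gaps = []
    for (user, exp), perm in GRANTS.items():
        for method, needed in REQUIRED.items():
            if authorize(user, exp, method) and not getattr(perm, needed):
                gaps.append((user, method))
    return gaps
```

Running `audit` over every handler's check as a regression test catches a method that inherits a weaker capability than the model intends.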
Attack Scenario
An attacker, after gaining access to the system as a low-privilege user, assigns themselves EDIT permissions on an experiment via a POST request. Subsequently, the attacker sends a DELETE request targeting an artifact directory associated with the experiment. Despite the user having only EDIT permissions, the request is processed and the directory is deleted, demonstrating the vulnerability.
Who is affected
Any deployment of mlflow version 2.11.0 where low-privilege users are granted EDIT permissions on experiments is affected. The vulnerability specifically affects these users' ability to delete artifacts, which should not be permissible under their assigned permissions.
Technical Report