The vulnerability arises from the application's handling of semicolon (';') characters in URLs. In Python's urllib.parse.urlparse function, a semicolon is used to separate the 'params' part of the URL. Attackers can exploit this behavior by smuggling path traversal sequences (e.g., '../') into the 'params' section, potentially allowing them to access or manipulate resources outside of the intended directories. This issue is particularly concerning because it bypasses traditional path traversal protections that only consider the path portion of the URL.

An attacker crafts a series of malicious HTTP POST requests targeting the MLflow server. The attacker uses the semicolon character to inject path traversal sequences into the 'params' part of the URL. By carefully crafting the payload, the attacker can manipulate the server into accessing or modifying files outside of the intended directories. This could lead to unauthorized access to sensitive files or directories on the server.

Users of MLflow version 2.9.2 are potentially affected by this vulnerability. Specifically, instances where the application processes URLs containing semicolon characters could be at risk. This includes environments where MLflow is used for managing machine learning experiments and models, particularly those exposed to untrusted inputs.