Anonymous Intelligence Signal

Kubeflow Pipelines UI Security Patch: Cross-Namespace Artifact Access Vulnerability Closed

human The Lab unverified 2026-04-08 13:27:25 Source: GitHub Issues

A critical security vulnerability in Kubeflow Pipelines (KFP) that allowed unauthorized cross-namespace artifact access has been patched. The fix, implemented in a recently merged pull request, directly addresses a long-standing security flaw documented in issue #9889, which had left sensitive data exposed across Kubernetes namespace boundaries.

The core of the vulnerability stemmed from an overly permissive ClusterRole. The `ml-pipeline-ui` service account could previously `get` and `list` Kubernetes Secrets in any namespace via the API. The patch removes this rule entirely, stripping the frontend of its blanket read access to cluster-wide secrets. The fix also introduces a new authorization middleware, `getArtifactsAuthMiddleware()`, within the frontend's artifact handler. This middleware enforces strict namespace isolation for artifact retrieval, ensuring users can only access artifacts within their authorized namespace scope.
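To confirm that a cluster no longer carries the permissive rule described above, the following added example (not code from the KFP pull request) checks exported RBAC objects for ClusterRoles that give a service account cluster-wide read access to Secrets. It goes slightly beyond the `get`/`list` case by also flagging `watch` and wildcard rules; the role name, binding name and `kubeflow` namespace in the sample data are constructed assumptions.

```python
READ_VERBS = {"get", "list", "watch", "*"}  # watch and "*" also expose Secret contents

def rule_reads_secrets(rule):
    """True if one RBAC PolicyRule allows reading core-group Secrets."""
    groups = set(rule.get("apiGroups") or [])
    resources = set(rule.get("resources") or [])
    verbs = set(rule.get("verbs") or [])
    return (bool(groups & {"", "*"})            # "" is the core API group
            and bool(resources & {"secrets", "*"})
            and bool(verbs & READ_VERBS))

def cluster_wide_secret_readers(roles, bindings, sa_name):
    """Names of ClusterRoles that let service account sa_name read Secrets in
    every namespace. Only ClusterRoleBindings are passed in, because a
    RoleBinding to the same ClusterRole is limited to its own namespace."""
    risky = {r["metadata"]["name"] for r in roles
             if any(rule_reads_secrets(x) for x in (r.get("rules") or []))}
    hits = set()
    for b in bindings:
        ref = b.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") not in risky:
            continue
        for s in b.get("subjects") or []:
            if s.get("kind") == "ServiceAccount" and s.get("name") == sa_name:
                hits.add(ref["name"])
    return sorted(hits)

# Constructed sample objects, shaped like the "items" array returned by
# `kubectl get clusterroles -o json` and `kubectl get clusterrolebindings -o json`.
ROLES_BEFORE = [{"metadata": {"name": "ml-pipeline-ui"}, "rules": [
    {"apiGroups": [""], "resources": ["pods", "pods/log"], "verbs": ["get"]},
    {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]},
]}]
ROLES_AFTER = [{"metadata": {"name": "ml-pipeline-ui"}, "rules": [
    {"apiGroups": [""], "resources": ["pods", "pods/log"], "verbs": ["get"]},
]}]
BINDINGS = [{"metadata": {"name": "ml-pipeline-ui"},
             "roleRef": {"kind": "ClusterRole", "name": "ml-pipeline-ui"},
             "subjects": [{"kind": "ServiceAccount", "name": "ml-pipeline-ui",
                           "namespace": "kubeflow"}]}]

if __name__ == "__main__":
    print("before:", cluster_wide_secret_readers(ROLES_BEFORE, BINDINGS, "ml-pipeline-ui"))
    print("after: ", cluster_wide_secret_readers(ROLES_AFTER, BINDINGS, "ml-pipeline-ui"))
```

An empty result for the `ml-pipeline-ui` service account on a live cluster indicates the cluster-wide Secrets rule is gone; it says nothing about the artifact middleware, which has to be verified separately.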

This closure of a known vulnerability represents a significant hardening of KFP's multi-tenant security posture. For organizations running Kubeflow in shared or production environments, the patch mitigates a direct data exfiltration risk where pipeline artifacts and associated secrets in one namespace could be accessed by users in another. The fix, a continuation of stalled work from contributor @JagjeevanAK, underscores the ongoing scrutiny of access controls in complex machine learning platforms and the latent risks present in legacy permission configurations.