Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2024/01/24/5 | Mailing List |
https://github.com/apache/airflow/pull/36257 | Third Party Advisory |
https://lists.apache.org/thread/92krb5mpcq8qrw4t4j5oooqw7hgd8q7h | Mailing List Vendor Advisory |
Configurations
History
30 Jan 2024, 22:58
Type | Values Removed | Values Added |
---|---|---|
References | () https://lists.apache.org/thread/92krb5mpcq8qrw4t4j5oooqw7hgd8q7h - Mailing List, Vendor Advisory | |
References | () https://github.com/apache/airflow/pull/36257 - Third Party Advisory | |
References | () http://www.openwall.com/lists/oss-security/2024/01/24/5 - Mailing List | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
CPE | cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:* | |
First Time |
Apache
Apache airflow |
24 Jan 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
24 Jan 2024, 13:49
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-24 13:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-50944
Mitre link : CVE-2023-50944
CVE.ORG link : CVE-2023-50944
JSON object : View
Products Affected
apache
- airflow
CWE
CWE-862
Missing Authorization