CVE-2023-42663

apache/airflow

on github

Published

October 14, 2023

Severity

CVSS v3:

6.5 MEDIUM

CVSS v2:

N/A

Description

Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.

References

https://github.com/apache/airflow/pull/34315
https://lists.apache.org/thread/xj86cvfkxgd0cyqfmz6mh1bsfc61c6o9
http://www.openwall.com/lists/oss-security/2023/11/12/2

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:apache:airflow::::::::	n/a	2.7.2	*

External Links

NVD - CVE-2023-42663