CVE-2023-50783

apache/airflow

on github

Published

December 21, 2023

Severity

CVSS v3:

6.5 MEDIUM

CVSS v2:

N/A

Description

Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. Users are recommended to upgrade to 2.8.0, which fixes this issue

References

https://github.com/apache/airflow/pull/33932
https://lists.apache.org/thread/rs7cr3yp726mb89s1m844hy9pq7frgcn
http://www.openwall.com/lists/oss-security/2023/12/21/4

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:apache:airflow::::::::	n/a	2.8.0	*

External Links

NVD - CVE-2023-50783