CVE-2024-27906

apache/airflow

on github

Published

February 29, 2024

Severity

CVSS v3:

N/A

CVSS v2:

N/A

Description

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability

References

https://github.com/apache/airflow/pull/37290
https://github.com/apache/airflow/pull/37468
https://lists.apache.org/thread/on4f7t5sqr3vfgp1pvkck79wv7mq9st5
http://www.openwall.com/lists/oss-security/2024/02/29/1

Configurations

CPE23	Version Start	Version End	Exact Version

External Links

NVD - CVE-2024-27906