CVE-2023-42663: Apache Airflow: Bypass permission verification to view task instances of other dags

Open Source Security 

Posted by Ephraim Anierobi on Oct 13

Severity: low

Affected versions:

– Apache Airflow before 2.7.2

Description:

Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read
specific DAGs only, to read information about task instances in other DAGs.
Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this
vulnerability.

Credit:

balis0ng (finder)
Ephraim Anierobi…