CVE-2023-42792: Apache Airflow: Improper access control to DAG resources

CVE-2023-42792: Apache Airflow: Improper access control to DAG resources

Open Source Security 

Posted by Ephraim Anierobi on Oct 13

Severity: moderate

Affected versions:

– Apache Airflow before 2.7.2

Description:

Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with
limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs
that the user had no access to, thus, enabling the user to clear DAGs they shouldn’t.

Users of Apache Airflow are…
 Read More 

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert