CVE-2023-42780: Apache Airflow: Improper access control vulnerability in the "List dag warnings" feature
Open Source Security
Posted by Ephraim Anierobi on Oct 13
Affected versions:
- Apache Airflow before 2.7.2
Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow
to list warnings for all DAGs, even if the user has no permission to see those DAGs. This reveals the dag_ids and
the stack traces of import errors for those DAGs that have import errors.
Users of Apache Airflow are advised to upgrade to version 2.7.2…
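
A simplified model of the access-control gap described above, as an added example that is not Airflow's code or the actual fix: the unscoped listing returns warnings for every DAG to any authenticated caller, while the scoped one restricts results to the DAG IDs the caller may read. All class, function and DAG names are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DagWarning:
    dag_id: str
    kind: str      # constructed label, not an Airflow enum value
    message: str   # may carry an import-error stack trace


class PermissionDenied(Exception):
    """Raised when the caller asks for a DAG they cannot read."""


# Constructed sample data standing in for the stored warnings.
WARNINGS = [
    DagWarning("finance_etl", "import_error",
               "Traceback (most recent call last): ... ModuleNotFoundError: payroll_lib"),
    DagWarning("marketing_report", "config", "pool 'ads' does not exist"),
    DagWarning("public_demo", "config", "pool 'demo' does not exist"),
]


def list_warnings_unscoped(readable_dag_ids, dag_id=None):
    """Flawed pattern: the caller is authenticated, but the per-DAG read
    permission set is never consulted, so every dag_id and message leaks."""
    return [w for w in WARNINGS if dag_id is None or w.dag_id == dag_id]


def list_warnings_scoped(readable_dag_ids, dag_id=None):
    """Hardened pattern: results are limited to DAGs the caller can read."""
    if dag_id is not None:
        # Check permission before any lookup so that an unreadable DAG and a
        # nonexistent DAG produce the same answer (no dag_id existence oracle).
        if dag_id not in readable_dag_ids:
            raise PermissionDenied(dag_id)
        return [w for w in WARNINGS if w.dag_id == dag_id]
    return [w for w in WARNINGS if w.dag_id in readable_dag_ids]


if __name__ == "__main__":
    caller_can_read = {"public_demo"}  # constructed permission set
    print("unscoped:", [w.dag_id for w in list_warnings_unscoped(caller_can_read)])
    print("scoped:  ", [w.dag_id for w in list_warnings_scoped(caller_can_read)])
```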