CVE-2023-42780: Apache Airflow: Improper access control vulnerability in the „List dag warnings“ feature

CVE-2023-42780: Apache Airflow: Improper access control vulnerability in the „List dag warnings“ feature

Open Source Security 

Posted by Ephraim Anierobi on Oct 13

Severity: low

Affected versions:

– Apache Airflow before 2.7.2

Description:

Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow
to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and
the stack-traces of import errors for those DAGs with import errors.
Users of Apache Airflow are advised to upgrade to version 2.7.2…
 Read More 

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert