CVE-2023-50944: Apache Airflow: Bypass permission verification to read code of other dags

CVE-2023-50944: Apache Airflow: Bypass permission verification to read code of other dags

Open Source Security 

Posted by Ephraim Anierobi on Jan 24

Severity: low

Affected versions:

– Apache Airflow before 2.8.1

Description:

Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code
of a DAG to which they don’t have access. This vulnerability is considered low since it requires an authenticated user
to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue.

Credit:

Timon8 Zhang (finder)…
 Read More 

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert