CVE-2024-26280: Apache Airflow: Overly broad default permissions for Viewer/Ops (audit logs)

Open Source Security

Posted by Ephraim Anierobi on Mar 01

Severity: low

Affected versions:

- Apache Airflow before 2.8.2

Description:

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewer users to view all
information in audit logs, including DAG names and usernames they were not permitted to view. With 2.8.2 and newer, Ops
and Viewer users do not have audit log permission by default; they need to be explicitly granted permissions to see the
logs….