Balis0Ng

**Name of the Vulnerable Software and Affected Versions** Apache Airflow versions prior to 2.8.0 **Description** The issue is related to improper access control in Apache Airflow, allowing an authenticated user without the variable edit permission to update a variable. This compromises the integrity of variable management and could lead to unauthorized data modification. **Recommendations** For Apache Airflow versions prior to 2.8.0, upgrade to version 2.8.0 to fix the issue. As a temporary workaround, consider restricting access to the variable management feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apache Airflow versions prior to 2.8.0 **Description** The issue allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is related to a missing fix in Apache Airflow 2.7.2. The vulnerability is also associated with information disclosure in the error data area, which could allow a remote attacker to gain unauthorized access to the database. **Recommendations** For Apache Airflow versions prior to 2.8.0, upgrade to version 2.8.0 or newer to mitigate the risk associated with this issue. As a temporary workaround, consider restricting access to sensitive DAG resources until the upgrade is applied. Additionally, monitor user activity and access logs to detect any potential exploitation attempts.

**Name of the Vulnerable Software and Affected Versions** Apache Airflow versions prior to 2.7.3 **Description** The issue is related to insufficient protection of internal data in Apache Airflow, allowing an authorized user with limited access to read specific DAGs to also read information about task instances in other DAGs. This can lead to unauthorized access to protected information. **Recommendations** For Apache Airflow versions prior to 2.7.3, upgrade to version 2.7.3 or newer to mitigate the risk associated with this issue.

**Name of the Vulnerable Software and Affected Versions** Apache Airflow versions prior to 2.7.2 **Description** The issue allows an authorized user with access to read specific DAGs only to read information about task instances in other DAGs. This is due to a lack of protection for internal data. Exploitation of this issue may allow a remote attacker to gain read access to data. **Recommendations** For versions prior to 2.7.2, upgrade to version 2.7.2 or newer to mitigate the risk associated with this issue.

**Name of the Vulnerable Software and Affected Versions** Apache Airflow versions prior to 2.7.2 **Description** The issue allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs, revealing the `dag ids` and the stack-traces of import errors for those DAGs with import errors. **Recommendations** For Apache Airflow versions prior to 2.7.2, upgrade to version 2.7.2 or newer to mitigate the risk associated with this issue.

**Name of the Vulnerable Software and Affected Versions** Apache Airflow versions prior to 2.7.2 **Description** The issue allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is related to the disclosure of information in the error data area. Exploitation of the vulnerability may allow a remote attacker to impact data integrity. **Recommendations** For Apache Airflow versions prior to 2.7.2, upgrade to version 2.7.2 or newer to mitigate the risk associated with this issue.

**Name of the Vulnerable Software and Affected Versions** Apache Airflow versions prior to 2.6.0 **Description** The issue is related to the "Run Task" feature in Apache Airflow, which allows an authenticated user to bypass some restrictions and execute code in the webserver context, as well as access certain DAGs beyond their limitations. This feature is considered dangerous and has been removed entirely in Airflow 2.6.0. The vulnerability can lead to exposure of sensitive information to unauthorized actors. **Recommendations** For Apache Airflow versions prior to 2.6.0, consider updating to version 2.6.0 or later, where the "Run Task" feature has been removed entirely. As a temporary workaround, consider disabling the "Run Task" feature to minimize the risk of exploitation. Restrict access to the webserver context and certain DAGs to prevent unauthorized access.

**Name of the Vulnerable Software and Affected Versions** REDAXO versions prior to 5.6.4 **Description** The issue is related to a SQL injection in the Benutzerverwaltung component. **Recommendations** For versions prior to 5.6.4, update to version 5.6.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** REDAXO versions prior to 5.6.4 **Description** The issue affects the Mediamanager component in REDAXO, allowing for cross-site scripting (XSS) attacks. **Recommendations** For versions prior to 5.6.4, update to version 5.6.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** REDAXO version 5.6.3 **Description** The issue concerns the $opener input field variable in the addons/mediapool/pages/index.php file, which is not properly filtered and is directly output to the page. An attacker can exploit this by inserting XSS payloads via a request to the /index.php?page=mediapool/media&opener input field=[XSS] endpoint. **Recommendations** For REDAXO version 5.6.3, consider filtering or sanitizing the `opener input field` variable to prevent XSS payloads from being injected. As a temporary workaround, restrict access to the /index.php?page=mediapool/media endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** REDAXO version 5.6.2 **Description** The issue concerns the $args variable in the addons/mediapool/pages/index.php file, where names are not restricted, allowing an attacker to insert XSS payloads. This can be achieved via the index.php?page=mediapool/media&opener input field=&args[substring] endpoint. **Recommendations** For REDAXO version 5.6.2, consider restricting the `args` variable to prevent XSS payload insertion until a patch is available. As a temporary workaround, restrict access to the `index.php?page=mediapool/media&opener input field=&args[substring]` endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** REDAXO versions prior to 5.6.3 **Description** A critical SQL injection issue has been found in the rex list class due to the prepareQuery function in core/lib/list.php. This can be exploited via the "sort" parameter in the index.php?page=users/users API endpoint. The backend is affected, and the frontend is also vulnerable if rex list is used. **Recommendations** For versions prior to 5.6.3, update to version 5.6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the index.php?page=users/users endpoint or disabling the use of the rex list class until a patch is available. Avoid using the `sort` parameter in the affected endpoint until the issue is resolved.