PT-2023-4014 · Apache · Apache Airflow

Karthikeyan Singaravelan

Publicado

2023-07-11

Atualizado

2026-02-20

CVE-2023-35908

CVSS v4.0

7.1

Alta

Vetor

AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 2.6.3

Description The issue is related to improper authorization in Apache Airflow, allowing unauthorized read access to a DAG through a specially crafted URL. This could enable a remote attacker to disclose protected information.

Recommendations For versions prior to 2.6.3, upgrade to a version that is not affected to resolve the issue. As a temporary workaround, consider restricting access to the DAGs through the URL to minimize the risk of exploitation.

Correção

DoS

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-863

Identificadores relacionados

BDU:2023-04312

BIT-AIRFLOW-2023-35908

CVE-2023-35908

GHSA-2H84-3CRQ-VGFJ

PYSEC-2023-119

Produtos afetados

Apache Airflow

PT-2023-4014 · Apache · Apache Airflow

CVE-2023-35908

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 17