PT-2023-4777 · Apache · Apache Airflow

Kietna +2 · Published 2023-07-12 · Updated 2026-02-20 · CVE-2023-22887

CVSS v4.0: 7.1 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Apache Airflow versions prior to 2.6.3

Description

The issue allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run id parameter. This is considered a low-risk issue as it requires an authenticated user to exploit it.

Recommendations

For Apache Airflow versions prior to 2.6.3, upgrade to a version that is not affected to resolve the issue. As a temporary workaround, consider restricting access to the run id parameter to minimize the risk of exploitation.

Fix

DoS

Path traversal

Weakness Enumeration

Related identifiers

BDU:2023-05224
BIT-AIRFLOW-2023-22887
CVE-2023-22887
GHSA-GGWR-4VR8-G7WV
PYSEC-2023-104

Affected products

Apache Airflow