PT-2023-8380 · Apache · Apache Airflow

Balis0Ng

Publicado

2023-12-21

Atualizado

2024-03-06

CVE-2023-50783

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:L/Au:S/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 2.8.0

Description The issue is related to improper access control in Apache Airflow, allowing an authenticated user without the variable edit permission to update a variable. This compromises the integrity of variable management and could lead to unauthorized data modification.

Recommendations For Apache Airflow versions prior to 2.8.0, upgrade to version 2.8.0 to fix the issue. As a temporary workaround, consider restricting access to the variable management feature to minimize the risk of exploitation.

Correção

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

BDU:2024-00576

BIT-AIRFLOW-2023-50783

CVE-2023-50783

GHSA-5938-79HG-XH3Q

PYSEC-2023-267

Produtos afetados

Apache Airflow

PT-2023-8380 · Apache · Apache Airflow

CVE-2023-50783

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 19