Apache · Apache Airflow · CVE-2023-35908
**Name of the Vulnerable Software and Affected Versions**
Apache Airflow versions prior to 2.6.3
**Description**
The issue is related to improper authorization in Apache Airflow, allowing unauthorized read access to a DAG through a specially crafted URL. This could enable a remote attacker to disclose protected information.
**Recommendations**
For versions prior to 2.6.3, upgrade to a version that is not affected to resolve the issue. As a temporary workaround, consider restricting access to the DAGs through the URL to minimize the risk of exploitation.