Apache · Apache Airflow · CVE-2026-34538
Name of the Vulnerable Software and Affected Versions
Apache Airflow versions 3.0.0 through 3.1.8
Description
The DagRun wait endpoint in Apache Airflow allows users with DAG Run read permissions, such as the Viewer role, to access XCom result values. This behavior contradicts the intended security model, in which XCom is a protected resource and the Viewer role should be read-only.
Recommendations
Upgrade to Apache Airflow version 3.2.0.