PT-2022-12315 · Apache · Apache Airflow

Franco Cano Erazo · Published 2022-01-20 · Updated 2024-03-06 · CVE-2021-45230

CVSS v3.1 · 6.5 · Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions
Apache Airflow versions prior to 2.2.0

Description
Users with the "can create" permission on DAG Runs can create DAG Runs for DAGs for which they do not have the "edit" permission. This is a specific case in which the user's permissions do not align with the expected access control.

Recommendations
For versions prior to 2.2.0, update to version 2.2.0 or later to resolve the issue. As a temporary workaround, consider restricting the "can create" permission on DAG Runs to only those users who also have the "edit" permission for the respective DAGs.
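
One way to find the roles the temporary workaround applies to, as an added example that is not part of the advisory or of Airflow's own code. It assumes role permissions have been exported as (action, resource) pairs using Airflow's RBAC names (can_create, can_edit, DAG Runs, DAGs, DAG:<dag_id>); the role and DAG names are constructed.

```python
# Added example: audit exported role permissions for the workaround above.
# Action/resource names follow Airflow 2.x RBAC naming (assumed export format).
CREATE_RUN = ("can_create", "DAG Runs")
EDIT_ALL = ("can_edit", "DAGs")          # global edit over every DAG
DAG_PREFIX = "DAG:"                      # per-DAG resource, e.g. "DAG:etl_daily"


def audit_roles(roles, dag_ids):
    """Return {role: sorted DAG ids the role can create runs for but not edit}.

    roles   -- {role_name: iterable of (action, resource) pairs}
    dag_ids -- every DAG id deployed on the instance
    """
    findings = {}
    for role, perms in roles.items():
        perms = set(perms)
        if CREATE_RUN not in perms:
            continue                      # cannot create DAG Runs at all
        if EDIT_ALL in perms:
            continue                      # edit on all DAGs, permissions align
        editable = {
            res[len(DAG_PREFIX):]
            for action, res in perms
            if action == "can_edit" and res.startswith(DAG_PREFIX)
        }
        gap = sorted(set(dag_ids) - editable)
        if gap:
            findings[role] = gap
    return findings


# Constructed sample data (hypothetical role and DAG names).
SAMPLE_DAGS = ["etl_daily", "billing_export", "ml_retrain"]
SAMPLE_ROLES = {
    "Viewer": [("can_read", "DAGs"), ("can_read", "DAG Runs")],
    "Operator": [("can_edit", "DAGs"), ("can_create", "DAG Runs")],
    "TeamEtl": [("can_read", "DAGs"), ("can_edit", "DAG:etl_daily"),
                ("can_create", "DAG Runs")],
    "Reporter": [("can_read", "DAGs"), ("can_create", "DAG Runs")],
}

if __name__ == "__main__":
    for role, dags in audit_roles(SAMPLE_ROLES, SAMPLE_DAGS).items():
        print(f"{role}: can_create on DAG Runs without can_edit on {', '.join(dags)}")
```

Each reported role should either lose "can create" on DAG Runs or be granted "edit" on the listed DAGs until the instance is upgraded.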

Fix

Weakness Enumeration

Improper Privilege Management

Related Identifiers

BIT-AIRFLOW-2021-45230
CVE-2021-45230
GHSA-4JH2-3C85-Q67H
PYSEC-2022-11

Affected Products

Apache Airflow