PT-2023-4777 · Apache · Apache Airflow
Kietna +2 · Published 2023-07-12 · Updated 2026-02-20 · CVE-2023-22887
CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Apache Airflow versions prior to 2.6.3
Description
The issue allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This is considered a low-risk issue as it requires an authenticated user to exploit it.
Recommendations
For Apache Airflow versions prior to 2.6.3, upgrade to a version that is not affected to resolve the issue. As a temporary workaround, consider restricting access to the run_id parameter to minimize the risk of exploitation.
Fix
Path traversal
Affected Products
Apache Airflow