CVE-2023-37379

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 2.7.0

Description The issue is related to insufficient validation of incoming requests, allowing an authenticated user with Connection edit privileges to access connection information and exploit the test connection feature. This can lead to a denial of service (DoS) condition on the server by sending many requests. Malicious actors can also establish harmful connections with the server.

Recommendations For versions prior to 2.7.0, upgrade to version 2.7.0 or newer to mitigate the risk associated with this issue. As a temporary workaround, consider restricting access to the test connection feature until a patch is available. Administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface.