PT-2023-4800 · Apache · Apache Airflow
Timon8
+1
·
Published
2023-07-12
·
Updated
2026-02-20
·
CVE-2023-22888
CVSS v4.0
7.1
High
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Apache Airflow versions prior to 2.6.3
Description
The issue exists due to insufficient input validation, allowing a remote attacker to cause a service disruption. This can be achieved by manipulating the
run id parameter. The exploitation requires an authenticated user, and the issue is considered low-severity.Recommendations
For versions prior to 2.6.3, upgrade to a version that is not affected to resolve the issue. As a temporary workaround, consider restricting access to the
run id parameter to minimize the risk of exploitation.Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Airflow