PT-2023-6909 · Apache · Apache Airflow
Balis0Ng
+1
·
Published
2023-11-12
·
Updated
2026-02-20
·
CVE-2023-42781
CVSS v4.0
7.1
High
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Apache Airflow versions prior to 2.7.3
Description
The issue is related to insufficient protection of internal data in Apache Airflow, allowing an authorized user with limited access to read specific DAGs to also read information about task instances in other DAGs. This can lead to unauthorized access to protected information.
Recommendations
For Apache Airflow versions prior to 2.7.3, upgrade to version 2.7.3 or newer to mitigate the risk associated with this issue.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Airflow