PT-2023-6914 · Apache · Apache Airflow
Augusto Hidalgo +1
Published 2023-11-12 · Updated 2024-03-06
CVE-2023-47037
CVSS v4.0: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Apache Airflow versions prior to 2.7.3
Description
The issue allows authenticated users who are authorized to view a DAG to modify some DAG run detail values when submitting a note, potentially altering details such as configuration parameters and start dates that the note form was never meant to change. The root cause is improper authorization in Apache Airflow.
Recommendations
For versions prior to 2.7.3, upgrade to version 2.7.3 or later, which removes the vulnerability. As a temporary workaround until the upgrade is applied, consider restricting the ability of authenticated, DAG-view authorized users to modify DAG run details.
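To make the defect class concrete, the following is an added illustration (not Airflow's code and not taken from this advisory) of an update handler that is supposed to accept only a note on a DAG run but instead applies every submitted field, beside a hardened version that allow-lists the editable field and reports what it rejected. The `DagRun` stand-in, its field names and the payload are constructed for this example; the version predicate encodes only the fixed release named above.

```python
"""
Added example for CVE-2023-47037's defect class: a note-submission handler
that mass-assigns every field from the request, versus one that applies an
explicit allow-list. The DagRun class, field names and payload below are
constructed for illustration and are not Airflow's model or code.
"""
from dataclasses import dataclass, field
from datetime import datetime
from typing import Any, Dict, Optional, Set, Tuple


@dataclass
class DagRun:
    """Minimal stand-in for a DAG run record (constructed, not Airflow's)."""
    run_id: str
    state: str = "success"
    start_date: datetime = field(default_factory=lambda: datetime(2023, 11, 1, 8, 0))
    conf: Dict[str, Any] = field(default_factory=dict)
    note: Optional[str] = None


def update_run_vulnerable(run: DagRun, submitted: Dict[str, Any]) -> DagRun:
    """'Before'-style handler: trusts the whole form payload and writes each
    key straight onto the record, so any extra field the client sends
    (conf, start_date, ...) is silently accepted."""
    for key, value in submitted.items():
        if hasattr(run, key):
            setattr(run, key, value)
    return run


# The only field a note submission may change; everything else is ignored
# no matter what the client sends.
NOTE_EDITABLE_FIELDS = frozenset({"note"})


def update_run_hardened(run: DagRun, submitted: Dict[str, Any]) -> Tuple[DagRun, Set[str]]:
    """'After'-style handler: applies allow-listed fields only and returns
    the rejected keys so the caller can log the attempt."""
    rejected = {k for k in submitted if k not in NOTE_EDITABLE_FIELDS}
    for key in submitted.keys() & NOTE_EDITABLE_FIELDS:
        setattr(run, key, submitted[key])
    return run, rejected


def is_affected_version(version: str) -> bool:
    """True when a plain X.Y.Z Airflow version string is below the fixed release 2.7.3."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    return parts < (2, 7, 3)


if __name__ == "__main__":
    # Constructed payload: a legitimate note plus two fields the caller must not control.
    payload = {
        "note": "re-run approved by on-call",
        "conf": {"skip_validation": True},
        "start_date": datetime(2020, 1, 1),
    }
    before = update_run_vulnerable(DagRun("manual__2023-11-12"), dict(payload))
    print("vulnerable:", before.conf, before.start_date)  # both overwritten
    after, dropped = update_run_hardened(DagRun("manual__2023-11-12"), dict(payload))
    print("hardened:", after.conf, after.start_date, "rejected:", sorted(dropped))
    for v in ("2.7.2", "2.7.3", "2.8.0"):
        print(v, "affected" if is_affected_version(v) else "fixed")
```

The rejected-field set is returned rather than discarded on purpose: a client that keeps sending `conf` or `start_date` alongside a note is a useful signal to log, and the allow-list lives in one place so adding a legitimately editable field is a deliberate change rather than a side effect of the model gaining an attribute.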
Fix
Incorrect Authorization
Improper Authorization
Affected Products
Apache Airflow