CVE-2023-50783

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 2.8.0

Description The issue is related to improper access control in Apache Airflow, allowing an authenticated user without the variable edit permission to update a variable. This compromises the integrity of variable management and could lead to unauthorized data modification.

Recommendations For Apache Airflow versions prior to 2.8.0, upgrade to version 2.8.0 to fix the issue. As a temporary workaround, consider restricting access to the variable management feature to minimize the risk of exploitation.