PT-2023-8627 · Apache · Apache Airflow

Balis0Ng +1 · Published 2023-10-14 · Updated 2024-03-06 · CVE-2023-42780

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.7.2

Description: The issue allows authenticated Airflow users to list warnings for all DAGs, even DAGs the user has no permission to see. This reveals the DAG IDs and, for DAGs with import errors, the stack traces of those import errors.

Recommendations: If you run an Apache Airflow version prior to 2.7.2, upgrade to version 2.7.2 or newer to mitigate the risk associated with this issue.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2024-01280
BIT-AIRFLOW-2023-42780
CVE-2023-42780
GHSA-CGX2-RRMR-JX43
PYSEC-2023-202

Affected Products

Apache Airflow