In Apache Airflow prior to 2.2.0. This CVE applies to a specific case where a User who has "can_create" permissions on DAG Runs can create Dag Runs for dags that they don't have "edit" permissions for.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Apache Software Foundation

Apache Airflow

Affected Versions:

Apache Airflow 1.10 1.10.0 to 1.10.15 Apache Airflow 2

References

https://lists.apache.org/thread/m778ojn0k595rwco4ht9wjql89mjoxnl

Published: 2022-01-20T10:25:10

Last Modified: 2024-08-04T04:39:20.469Z

Copied to clipboard!