Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Apache Software Foundation

Apache Airflow

Affected Versions:

References

https://github.com/apache/airflow/pull/32293

https://lists.apache.org/thread/rxddqs76r6rkxsg1n24d029zys67qwwo

Published: 2023-07-12T09:14:25.892Z

Last Modified: 2024-10-04T13:44:50.075Z

Copied to clipboard!