Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.

Users should upgrade to version 2.7.1 or later which has removed the vulnerability.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Apache Software Foundation

Apache Airflow

Affected Versions:

References

https://github.com/apache/airflow/pull/33413

https://lists.apache.org/thread/8y9xk1s3j4qr36yzqn8ogbn9fl7pxrn0

http://www.openwall.com/lists/oss-security/2023/11/12/1

Published: 2023-09-12T11:05:22.841Z

Last Modified: 2025-02-13T17:08:37.258Z

Copied to clipboard!