Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-50783

UNKNOWN
Published 2023-12-21T09:28:47.746Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-50783. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable.
This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification.
Users are recommended to upgrade to 2.8.0, which fixes this issue

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Apache Software Foundation

Apache Airflow

Affected Versions:

0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Apache Airflow Improper Access Control vulnerability

GHSA-5938-79hg-xh3q

Advisory Details

Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. Users are recommended to upgrade to 2.8.0, which fixes this issue.

Affected Packages

PyPI apache-airflow
ECOSYSTEM: ≥0 <2.8.0

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-50783
WEB https://github.com/apache/airflow/pull/33932
WEB https://github.com/apache/airflow/commit/0e1c106d7cd0703125528a691088e42e17c99929
PACKAGE https://github.com/apache/airflow
WEB https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-267.yaml
WEB https://lists.apache.org/thread/rs7cr3yp726mb89s1m844hy9pq7frgcn
WEB http://www.openwall.com/lists/oss-security/2023/12/21/4

Advisory provided by GitHub Security Advisory Database. Published: December 21, 2023, Modified: November 21, 2024

References

https://github.com/apache/airflow/pull/33932
https://lists.apache.org/thread/rs7cr3yp726mb89s1m844hy9pq7frgcn
http://www.openwall.com/lists/oss-security/2023/12/21/4
Published: 2023-12-21T09:28:47.746Z
Last Modified: 2025-02-13T17:19:40.647Z
Copied to clipboard!