Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2024-27906

MEDIUM
Published 2024-02-29T11:02:19.310Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-27906. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
5.9
/10
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.000
probability
of exploitation in the wild

There is a 0.0% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.120
Higher than 12.0% of all CVEs

Attack Vector Metrics

Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
LOW
Integrity
LOW
Availability
LOW

Description

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI.

Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Apache Software Foundation

Apache Airflow

Affected Versions:

0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Apache Airflow: DAG Code and Import Error Permissions Ignored

GHSA-6v6w-h8m6-7mv2

Advisory Details

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability

Affected Packages

PyPI apache-airflow
ECOSYSTEM: ≥0 <2.8.2

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-27906
WEB https://github.com/apache/airflow/pull/37290
WEB https://github.com/apache/airflow/pull/37468
WEB https://github.com/apache/airflow/commit/08d25607abe8593ecb90a84e338896bb79692d7b
WEB https://github.com/apache/airflow/commit/0a95299691e2d6a9b874adfae94d246a7f681ec9
WEB https://github.com/apache/airflow/commit/2adbe882e68df0e2b1084bc869616bb01e416aa7
WEB https://github.com/apache/airflow/commit/2cb6027280bcf5e2b561f3ee7f55980f6ec4cc3a
WEB https://github.com/apache/airflow/commit/90255d9d44a649025f588497f6c82177dad48326
WEB https://github.com/apache/airflow/commit/9c4defa08268322b9db80123a22d7b56b2063446
WEB https://github.com/apache/airflow/commit/a7fa258ba1c69a18e0f620499625f6026768dc24
WEB https://github.com/apache/airflow/commit/bc2646be043f71b4d1ab7eefd2af65a60bf919f2
WEB https://github.com/apache/airflow/commit/d944eb0de216d9e1d125fae5ce4af7440154deb4
PACKAGE https://github.com/apache/airflow
WEB https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-245.yaml
WEB https://lists.apache.org/thread/on4f7t5sqr3vfgp1pvkck79wv7mq9st5
WEB http://www.openwall.com/lists/oss-security/2024/02/29/1

Advisory provided by GitHub Security Advisory Database. Published: February 29, 2024, Modified: May 6, 2025

References

https://github.com/apache/airflow/pull/37290
https://github.com/apache/airflow/pull/37468
https://lists.apache.org/thread/on4f7t5sqr3vfgp1pvkck79wv7mq9st5
Published: 2024-02-29T11:02:19.310Z
Last Modified: 2025-05-06T13:12:13.352Z
Copied to clipboard!