Lucene search
China National Vulnerability DatabaseCNVD-2023-72233HistorySep 25, 2023 - 12:00 a.m.
Apache Airflow Authorization Problem Vulnerability (CNVD-2023-72233)
2023-09-2500:00:00
China National Vulnerability Database
www.cnvd.org.cn
13
apache airflow
united states apache foundation
open source platform
workflow
scalable
dynamic monitoring
authorization issue
vulnerability
privilege management
authentication
dag view
modify dag run
configuration parameters
EPSS
0.001
Percentile
48.8%
Apache Airflow is the United States Apache (Apache) Foundation’s set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. Apache Airflow versions prior to 2.7.1 have an authorization issue vulnerability that stems from improper privilege management in the program. An attacker authorized by authentication and DAG view could use the vulnerability to modify certain DAG run details values when submitting annotations, which could allow them to change configuration parameters, start dates, and other details.
Related
osv
osv
CVE-2023-40611
2023-09-12 12:15:08
Apache Airflow Incorrect Authorization vulnerability
2023-09-12 18:58:34
BIT-airflow-2023-40611
2024-03-06 10:53:28
nvd
nvd
CVE-2023-40611
2023-09-12 12:15:08
CVE-2023-47037
2023-11-12 14:15:25
prion
prion
Design/Logic Flaw
2023-09-12 12:15:00
Design/Logic Flaw
2023-11-12 14:15:00
veracode
veracode
Incorrect Authorization
2023-09-15 09:56:05
cve
cve
CVE-2023-40611
2023-09-12 12:15:08
CVE-2023-47037
2023-11-12 14:15:25
github
github
Apache Airflow Incorrect Authorization vulnerability
2023-09-12 18:58:34
hackerone
hackerone
cvelist
cvelist
vulnrichment
vulnrichment
nessus
nessus