Lucene search
China National Vulnerability DatabaseCNVD-2023-80561HistoryOct 17, 2023 - 12:00 a.m.
Apache Airflow Authorization Problem Vulnerability (CNVD-2023-80561)
2023-10-1700:00:00
China National Vulnerability Database
www.cnvd.org.cn
10
apache airflow
authorization
vulnerability
dags
cnvd-2023-80561
Apache Airflow is the United States Apache (Apache) Foundation’s set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. Apache Airflow suffers from an authorization issue vulnerability that stems from allowing an authenticated user with limited access to certain DAGs to construct a request that grants the user write access to various DAG resources for DAGs that the user is not authorized to access. An attacker could exploit the vulnerability to be able to purge DAGs that they should not be able to purge.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache airflow | lt | 2.7.2 |
Related
osv
osv
CVE-2023-42792
2023-10-14 10:15:10
BIT-airflow-2023-42792
2024-03-06 10:52:32
Apache Airflow vulnerable to privilege escalation
2023-10-14 12:30:23
nvd
nvd
CVE-2023-42792
2023-10-14 10:15:10
CVE-2023-48291
2023-12-21 10:15:36
cvelist
cvelist
CVE-2023-42792 Apache Airflow: Improper access control to DAG resources
2023-10-14 09:47:07
CVE-2023-48291 Apache Airflow: Improper access control to DAG resources
2023-12-21 09:30:46
cve
cve
CVE-2023-42792
2023-10-14 10:15:10
CVE-2023-48291
2023-12-21 10:15:36
github
github
Apache Airflow vulnerable to privilege escalation
2023-10-14 12:30:23
Apache Airflow vulnerable to Exposure of Resource to Wrong Sphere
2023-12-21 12:30:27
veracode
veracode
Privilege Escalation
2023-10-16 13:12:49
prion
prion
Design/Logic Flaw
2023-10-14 10:15:00
Security feature bypass
2023-12-21 10:15:00