Apache Airflow is the United States Apache (Apache) Foundation’s set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. Apache Airflow suffers from an authorization issue vulnerability that stems from allowing an authenticated user with limited access to certain DAGs to construct a request that grants the user write access to various DAG resources for DAGs that the user is not authorized to access. An attacker could exploit the vulnerability to be able to purge DAGs that they should not be able to purge.
CPE | Name | Operator | Version |
---|---|---|---|
apache airflow | lt | 2.7.2 |