Lucene search
ApacheCVELIST:CVE-2023-42780HistoryOct 14, 2023 - 9:46 a.m.
CVE-2023-42780 Apache Airflow: Improper access control vulnerability in the "List dag warnings" feature
2023-10-1409:46:09
CWE-200
apache
www.cve.org
cve-2023-42780
apache airflow
access control
0.0004 Low
EPSS
Percentile
16.0%
Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors.
Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.
CNA Affected
[
{
"collectionURL": "https://pypi.python.org/",
"defaultStatus": "unaffected",
"packageName": "apache-airflow",
"product": "Apache Airflow",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.7.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
osv
osv
BIT-airflow-2023-42780
2024-03-06 10:52:56
Apache Airflow vulnerable to sensitive information exposure when users list warnings for all DAGs
2023-10-14 12:30:23
BIT-2023-42780
2023-10-19 06:17:29
cve
cve
CVE-2023-42780
2023-10-14 10:15:10
cnvd
cnvd
Apache Airflow Information Disclosure Vulnerability (CNVD-2023-85612)
2023-10-17 00:00:00
hackerone
hackerone
prion
prion
Design/Logic Flaw
2023-10-14 10:15:00
nvd
nvd
CVE-2023-42780
2023-10-14 10:15:10
github
github
veracode
veracode
Information Disclosure
2023-10-16 07:44:11