Lucene search
ApacheCVELIST:CVE-2023-47037HistoryNov 12, 2023 - 1:12 p.m.
CVE-2023-47037 Apache Airflow missing fix for CVE-2023-40611 in 2.7.1 (DAG run broken access)
2023-11-1213:12:23
CWE-863
apache
www.cve.org
apache airflow
vulnerability
2.7.1
dag run
access
We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then.
Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.
Users should upgrade to version 2.7.3 or later which has removed the vulnerability.
CNA Affected
[
{
"collectionURL": "https://pypi.python.org",
"defaultStatus": "unaffected",
"packageName": "apache-airflow",
"product": "Apache Airflow",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.7.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
cve
cve
CVE-2023-47037
2023-11-12 14:15:25
CVE-2023-40611
2023-09-12 12:15:08
prion
prion
Design/Logic Flaw
2023-11-12 14:15:00
Design/Logic Flaw
2023-09-12 12:15:00
osv
osv
PYSEC-2023-232
2023-11-12 14:15:00
BIT-airflow-2023-47037
2024-03-06 10:51:48
CVE-2023-47037
2023-11-12 14:15:25
nvd
nvd
CVE-2023-47037
2023-11-12 14:15:25
CVE-2023-40611
2023-09-12 12:15:08
nessus
nessus
veracode
veracode
Incorrect Authorization
2023-09-15 09:56:05
Incorrect Authorization
2023-11-13 11:27:13
github
github
cnvd
cnvd
Apache Airflow Authorization Problem Vulnerability (CNVD-2023-93318)
2023-11-14 00:00:00
Apache Airflow Authorization Problem Vulnerability (CNVD-2023-72233)
2023-09-25 00:00:00
cvelist
cvelist
CVE-2023-40611 Apache Airflow Dag Runs Broken Access Control Vulnerability
2023-09-12 11:05:22
hackerone
hackerone