CVE-2023-48291 Apache Airflow: Improper access control to DAG resources

🗓️ 21 Dec 2023 09:30:46Reported by apacheType

Apache Airflow access control vulnerabilit

Reporter	Title	Published	Views	Family All 17
BDU FSTEC	The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow lies in the ability to disclose information in the error-prone data area, allowing an intruder to gain unauthorized access to the database.	23 Jan 202400:00	–	bdu_fstec
Circl	CVE-2023-48291	21 Dec 202311:22	–	circl
CNNVD	Apache Airflow 安全漏洞	21 Dec 202300:00	–	cnnvd
CNVD	Apache Airflow Security Bypass Vulnerability (CNVD-2024-0101425)	25 Dec 202300:00	–	cnvd
CVE	CVE-2023-48291	21 Dec 202309:30	–	cve
Github Security Blog	Apache Airflow vulnerable to Exposure of Resource to Wrong Sphere	21 Dec 202312:30	–	github
NVD	CVE-2023-48291	21 Dec 202310:15	–	nvd
OSV	BIT-AIRFLOW-2023-48291 Apache Airflow: Improper access control to DAG resources	6 Mar 202410:51	–	osv
OSV	GHSA-8F57-WCMG-4JMH Apache Airflow vulnerable to Exposure of Resource to Wrong Sphere	21 Dec 202312:30	–	osv
OSV	PYSEC-2023-265	21 Dec 202310:15	–	osv

[
  {
    "collectionURL": "https://pypi.python.org",
    "defaultStatus": "unaffected",
    "packageName": "apache-airflow",
    "product": "Apache Airflow",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "2.8.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
openwall	www.openwall.com/lists/oss-security/2023/12/21/1
github	www.github.com/apache/airflow/pull/34366
lists	www.lists.apache.org/thread/3nl0h014274yjlt1hd02z0q78ftyz0z3

21 Dec 2023 09:35Current

5.5Medium risk

Vulners AI Score5.5

EPSS0.018

CWE-668