History: Jan 24, 2024 - 12:58 p.m.

CVE-2023-50944 Apache Airflow: Bypass permission verification to read code of other dags

2024-01-24 12:58:18
CWE-862
apache
www.cve.org
6
apache airflow
authenticated user
unauthorized access

EPSS

0.001

Percentile

45.8%

Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don’t have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue.

CNA Affected

[
  {
    "collectionURL": "https://pypi.python.org",
    "defaultStatus": "unaffected",
    "packageName": "apache-airflow",
    "product": "Apache Airflow",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "2.8.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]
