Lucene search

GitHub Advisory DatabaseGHSA-2H84-3CRQ-VGFJ

HistoryJul 12, 2023 - 12:31 p.m.

Apache Airflow Incorrect Authorization vulnerability

2023-07-1212:31:36

CWE-863

GitHub Advisory Database

github.com

apache airflow

vulnerability

unauthorized access

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

41.2%

JSON

Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected

Affected configurations

Vulners

Node

apacheairflowRange<2.6.3

VendorProductVersionCPE
apacheairflow*cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	airflow	*	cpe:2.3:a:apache:airflow::::::::

References

github.com/advisories/GHSA-2h84-3crq-vgfj

github.com/apache/airflow/commit/ac65b82eeeeaa670e09a83c7da65cbac7e89f8db

github.com/apache/airflow/commit/c78e16588ee399f6eaf60425eb1ad7fa6d3fe352

github.com/apache/airflow/pull/32014

github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-119.yaml

lists.apache.org/thread/vsflptk5dt30vrfggn96nx87d7zr6yvw

nvd.nist.gov/vuln/detail/CVE-2023-35908

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

41.2%

JSON

Related for GHSA-2H84-3CRQ-VGFJ