CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
41.2%
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL.Β It is recommended to upgrade to a version that is not affected
github.com/advisories/GHSA-2h84-3crq-vgfj
github.com/apache/airflow/commit/ac65b82eeeeaa670e09a83c7da65cbac7e89f8db
github.com/apache/airflow/commit/c78e16588ee399f6eaf60425eb1ad7fa6d3fe352
github.com/apache/airflow/pull/32014
github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-119.yaml
lists.apache.org/thread/vsflptk5dt30vrfggn96nx87d7zr6yvw
nvd.nist.gov/vuln/detail/CVE-2023-35908