Apache Airflow versions 2.8.0 through 2.8.2 have a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc. from the UI that they do not have permission to access.
Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | apache-airflow | lt | 2.8.3rc1 |
www.openwall.com/lists/oss-security/2024/03/13/5
github.com/advisories/GHSA-h574-6646-vfxx
github.com/apache/airflow/commit/89e7f3e7bdf2126bbbcd959dc10d65ef92773cca
github.com/apache/airflow/pull/37881
github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-46.yaml
lists.apache.org/thread/b4pffc7w7do6qgk4jjbyxvdz5odrvny7
nvd.nist.gov/vuln/detail/CVE-2024-28746