Lucene search
0xt4reqH1:2249299HistoryNov 12, 2023 - 3:57 p.m.
Internet Bug Bounty: CVE-2023-47037: Airflow Broken Access Control Vulnerability
2023-11-1215:57:10
0xt4req
hackerone.com
37
apache airflow
vulnerability
broken access control
Hi IBB,
Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.
Here is the conversation between the security team of airflow.
āāāāā
More Details:
https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0
Impact
Broken Access Control Vulnerability.
Related
osv
osv
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes
2023-11-12 15:30:20
PYSEC-2023-232
2023-11-12 14:15:00
BIT-airflow-2023-47037
2024-03-06 10:51:48
cnvd
cnvd
Apache Airflow Authorization Problem Vulnerability (CNVD-2023-93318)
2023-11-14 00:00:00
veracode
veracode
Incorrect Authorization
2023-11-13 11:27:13
github
github
cve
cve
CVE-2023-47037
2023-11-12 14:15:25
prion
prion
Design/Logic Flaw
2023-11-12 14:15:00
cvelist
cvelist
nvd
nvd
CVE-2023-47037
2023-11-12 14:15:25
nessus
nessus