Lucene search
GoogleOSV:BIT-2023-42780HistoryOct 19, 2023 - 6:17 a.m.
BIT-2023-42780
2023-10-1906:17:29
Google
osv.dev
20
apache airflow
versions
security vulnerability
authenticated users
dags
permissions
dag_ids
import errors
upgrade
mitigation
0.0004 Low
EPSS
Percentile
16.0%
Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors.Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.
Related
osv
osv
BIT-airflow-2023-42780
2024-03-06 10:52:56
Apache Airflow vulnerable to sensitive information exposure when users list warnings for all DAGs
2023-10-14 12:30:23
PYSEC-2023-202
2023-10-14 10:15:00
cve
cve
CVE-2023-42780
2023-10-14 10:15:10
cnvd
cnvd
Apache Airflow Information Disclosure Vulnerability (CNVD-2023-85612)
2023-10-17 00:00:00
hackerone
hackerone
prion
prion
Design/Logic Flaw
2023-10-14 10:15:00
cvelist
cvelist
nvd
nvd
CVE-2023-42780
2023-10-14 10:15:10
github
github
veracode
veracode
Information Disclosure
2023-10-16 07:44:11