Lucene search

K
osvGoogleOSV:GHSA-6V6W-H8M6-7MV2
HistoryFeb 29, 2024 - 12:31 p.m.

Apache Airflow: DAG Code and Import Error Permissions Ignored

2024-02-2912:31:06
Google
osv.dev
5
apache airflow
vulnerability
unauthorized access
dag code
import errors
upgrade

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI.

Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability

References

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

Related for OSV:GHSA-6V6W-H8M6-7MV2