PYSEC-2024-14

🗓️ 24 Jan 2024 13:00:15Reported by GoogleType

osv🔗 osv.dev👁 13 Views

Vulnerability in Apache Airflow allows authenticated user access to unauthorized DAG source code. Upgrade to version 2.8.1

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 13
Prion	Code injection	24 Jan 202413:15	–	prion
NVD	CVE-2023-50944	24 Jan 202413:15	–	nvd
Cvelist	CVE-2023-50944 Apache Airflow: Bypass permission verification to read code of other dags	24 Jan 202412:58	–	cvelist
Github Security Blog	Apache Airflow: Bypass permission verification to read code of other dags	24 Jan 202415:30	–	github
OSV	Apache Airflow: Bypass permission verification to read code of other dags	24 Jan 202415:30	–	osv
OSV	CVE-2023-50944	24 Jan 202413:15	–	osv
OSV	BIT-airflow-2023-50944	6 Mar 202410:50	–	osv
Hacker One	Internet Bug Bounty: Apache Airflow: Bypass permission verification to read code of other dags	31 Jan 202407:20	–	hackerone
CVE	CVE-2023-50944	24 Jan 202413:15	–	cve
CNVD	Apache Airflow Information Disclosure Vulnerability (CNVD-2024-26532)	29 Jan 202400:00	–	cnvd

Source	Link
github	www.github.com/apache/airflow/pull/36257
lists	www.lists.apache.org/thread/92krb5mpcq8qrw4t4j5oooqw7hgd8q7h

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

24 Jan 2024 13:15Current

7High risk

Vulners AI Score7

CVSS36.5

EPSS0.00105

SSVC