Lucene search
K

8 matches found

OSV
OSV
added 2024/03/06 10:51 a.m.24 views

BIT-AIRFLOW-2023-48291 Apache Airflow: Improper access control to DAG resources

Apache Airflow, in versions prior to 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to...

4.3CVSS5.1AI score0.018EPSS
Exploits0References4
OSV
OSV
added 2023/12/21 12:30 p.m.17 views

GHSA-8F57-WCMG-4JMH Apache Airflow vulnerable to Exposure of Resource to Wrong Sphere

Apache Airflow, in versions prior to 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to...

4.3CVSS5.1AI score0.018EPSS
Exploits0References7
Prion
Prion
added 2023/12/21 10:15 a.m.21 views

Security feature bypass

Apache Airflow, in versions prior to 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to...

4CVSS6.7AI score0.018EPSS
Exploits0References3Affected Software1
Circl
Circl
added 2023/10/14 2:29 p.m.8 views

CVE-2023-42792

creationtimestamp| type| source ---|---|--- 2023-10-14 14:29:49+00:00| seen| https://t.me/cibsecurity/72282 2024-01-14 09:36:43+00:00| seen| https://t.me/ctinow/167980...

6.5CVSS5.4AI score0.01433EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2023/10/14 12:30 p.m.6 views

abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +137 more potentially affected by CVE-2023-42792 via apache-airflow (>=1.8.2 <=2.7.1)

apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =1.10.6 - airflow-cyberark-secrets-backend =0.1.0 and more Source cves: CVE-2023-42792 Source advisory: OSV:GHSA-J3W8-2P2H-MRR9...

6.5CVSS6.3AI score0.01433EPSS
Exploits0
NVD
NVD
added 2023/10/14 10:15 a.m.25 views

CVE-2023-42792

Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to...

6.5CVSS4.7AI score0.01433EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/10/14 9:47 a.m.21 views

CVE-2023-42792 Apache Airflow: Improper access control to DAG resources

Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to...

5.2AI score0.01433EPSS
Exploits0References3
CVE
CVE
added 2023/10/14 9:47 a.m.135 views

CVE-2023-42792

CVE-2023-42792 (Apache Airflow) affects Airflow versions prior to 2.7.2. An authenticated user with limited access to some DAGs can craft a request to gain write access to DAG resources for DAGs they should not access, enabling them to clear those DAGs. Root cause described as improper access con...

6.5CVSS5.2AI score0.01433EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder