40 matches found
BIT-AIRFLOW-2026-24098 Apache Airflow: Assigning single DAG permission leaked all DAGs Import Errors
Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue...
CVE-2026-24098
Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue...
Apache Airflow UI Exposes DAG Import Errors to Unauthorized Authenticated Users
Impact Exposure of Sensitive Information: An information disclosure vulnerability exists in the Apache Airflow UI that allows authenticated users to view Import Errors for DAGs they are not authorized to access. In affected versions, the Import Errors view does not correctly filter errors based o...
GHSA-5G2W-9F8G-G5Q7 Apache Airflow UI Exposes DAG Import Errors to Unauthorized Authenticated Users
Impact Exposure of Sensitive Information: An information disclosure vulnerability exists in the Apache Airflow UI that allows authenticated users to view Import Errors for DAGs they are not authorized to access. In affected versions, the Import Errors view does not correctly filter errors based o...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the Import Errors view. An authenticated attacker can access sensitive information, such as file paths, code snippets, or stack traces related to DAGs they are not authorized to access. Remediation Upgrade...
CVE-2026-24098
Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue...
PYSEC-2026-12
Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue...
PYSEC-2026-12
Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue...
CVE-2026-24098
Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue...
CVE-2026-24098 Apache Airflow: Assigning single DAG permission leaked all DAGs Import Errors
Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue...
CVE-2026-24098 Apache Airflow: Assigning single DAG permission leaked all DAGs Import Errors
Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue...
CVE-2026-24098
CVE-2026-24098 affects Apache Airflow versions before 3.1.7. Authenticated UI users with permission to one or more Dags can view import errors generated by other Dags they should not access. The issue is remedied by upgrading to Airflow 3.1.7 or later; no further exploit details are provided in t...
CVE-2026-24098
Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue...
Apache Airflow 安全漏洞
Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. Prior to Apache Airflow 3.1.7, there were security...
PT-2026-7103
Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.1.7 Description Authenticated users of the Airflow user interface, with permissions to specific Dags, could view import errors generated by other Dags they were not authorized to access. Recommendations Upgra...
EUVD-2023-44029
Malicious code in bioql PyPI...
EUVD-2023-0022
Malicious code in bioql PyPI...
CVE-2023-3362
An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub...
UBUNTU-CVE-2024-4769
When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird...
GHSA-6V6W-H8M6-7MV2 Apache Airflow: DAG Code and Import Error Permissions Ignored
Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk...