6 matches found
EUVD-2023-0027
Malicious code in bioql PyPI...
Fedora 40 : golang-cloud-google / golang-cloud-google-bigquery / etc (2023-f23d9c5057)
The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-f23d9c5057 advisory. Split golang-cloud-google into multiple modules Tenable has extracted the preceding description block directly from the Fedora security advisory. No...
BIT-AIRFLOW-2023-47037 Apache Airflow missing fix for CVE-2023-40611 in 2.7.1 (DAG run broken access)
We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then. Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have the...
CVE-2023-47037
We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then. Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have the...
Design/Logic Flaw
We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then. Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have the...
CVE-2023-40611
Apache Airflow vulnerable before 2.7.1: authenticated DAG-view users can modify DAG run detail values when submitting notes (e.g., configuration, start date). Root cause relates to broken access control around DAG runs. A fix exists in 2.7.1 and later; upgrade to 2.7.1+ to remove the vulnerabilit...