4 matches found
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +137 more potentially affected by CVE-2023-42780 via apache-airflow (>=1.8.2 <=2.7.1)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =1.10.6 - airflow-cyberark-secrets-backend =0.1.0 and more Source cves: CVE-2023-42780 Source advisory: OSV:GHSA-CGX2-RRMR-JX43...
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +137 more potentially affected by CVE-2023-42780 via apache-airflow (>=1.8.2 <=2.7.1)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =1.10.6 - airflow-cyberark-secrets-backend =0.1.0 and more Source cves: CVE-2023-42780 Source advisory: OSV:PYSEC-2023-202...
CVE-2023-42780
Apache Airflow vulnerability CVE-2023-42780 affects versions prior to 2.7.2. Authenticated users can list warnings for all DAGs, even if they lack permission to view those DAGs, exposing dag_ids and import-error stack traces. Impact is information disclosure of non-authorized DAG metadata; no exp...
CVE-2023-42780 Apache Airflow: Improper access control vulnerability in the "List dag warnings" feature
Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dagids and the stack-traces of import errors for those DAGs with import...