Lucene search
+L

4 matches found

vulnersOsv
vulnersOsv
added 2023/10/14 12:30 p.m.5 views

abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +137 more potentially affected by CVE-2023-42780 via apache-airflow (>=1.8.2 <=2.7.1)

apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =1.10.6 - airflow-cyberark-secrets-backend =0.1.0 and more Source cves: CVE-2023-42780 Source advisory: OSV:GHSA-CGX2-RRMR-JX43...

6.5CVSS6.5AI score0.01071EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/10/14 10:15 a.m.5 views

abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +137 more potentially affected by CVE-2023-42780 via apache-airflow (>=1.8.2 <=2.7.1)

apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =1.10.6 - airflow-cyberark-secrets-backend =0.1.0 and more Source cves: CVE-2023-42780 Source advisory: OSV:PYSEC-2023-202...

6.5CVSS6.5AI score0.01071EPSS
Exploits0
CVE
CVE
added 2023/10/14 9:46 a.m.94 views

CVE-2023-42780

Apache Airflow vulnerability CVE-2023-42780 affects versions prior to 2.7.2. Authenticated users can list warnings for all DAGs, even if they lack permission to view those DAGs, exposing dag_ids and import-error stack traces. Impact is information disclosure of non-authorized DAG metadata; no exp...

6.5CVSS6.2AI score0.01071EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/10/14 9:46 a.m.25 views

CVE-2023-42780 Apache Airflow: Improper access control vulnerability in the "List dag warnings" feature

Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dagids and the stack-traces of import errors for those DAGs with import...

6.5AI score0.01071EPSS
Exploits0References2
Rows per page
Query Builder