4 matches found
Fedora 40 : golang-cloud-google / golang-cloud-google-bigquery / etc (2023-f23d9c5057)
The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-f23d9c5057 advisory. Split golang-cloud-google into multiple modules Tenable has extracted the preceding description block directly from the Fedora security advisory. No...
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +138 more potentially affected by CVE-2023-47037 via apache-airflow (>=1.8.2 <=2.7.2)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =1.10.6 - airflow-cyberark-secrets-backend =0.1.0 and more Source cves: CVE-2023-47037 Source advisory: OSV:GHSA-HM9R-7F84-25C9...
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +138 more potentially affected by CVE-2023-47037 via apache-airflow (>=1.8.2 <=2.7.2)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =1.10.6 - airflow-cyberark-secrets-backend =0.1.0 and more Source cves: CVE-2023-47037 Source advisory: OSV:PYSEC-2023-232...
CVE-2023-47037
Apache Airflow (versions before 2.7.3) is affected by a Broken Access Control vulnerability tracked as CVE-2023-47037. The issue allows authenticated DAG-view authorized users to modify DAG run detail values (e.g., configuration parameters, start date) when submitting notes. The underlying proble...