3 matches found
CVE-2023-48291
Apache Airflow, in versions prior to 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to...
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +139 more potentially affected by CVE-2023-48291 via apache-airflow (>=1.8.2 <=2.7.3)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =1.10.6 - airflow-cyberark-secrets-backend =0.1.0 and more Source cves: CVE-2023-48291 Source advisory: OSV:PYSEC-2023-265...
CVE-2023-48291
Apache Airflow prior to 2.8.0 is affected by an access-control vulnerability where an authenticated user with limited DAG access can craft a request to obtain write access to DAG resources for other DAGs, enabling them to clear DAGs they shouldn’t. This CVE (CVE-2023-48291) is described as a miss...