3 matches found
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +142 more potentially affected by CVE-2024-26280 via apache-airflow (>=1.8.2 <=2.8.1)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.1, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =1.10.6 and more Source cves: CVE-2024-26280 Source advisory: OSV:GHSA-6XWF-XVF3-V459...
abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +142 more potentially affected by CVE-2024-26280 via apache-airflow (>=1.8.2 <=2.8.1)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.1, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =1.10.6 and more Source cves: CVE-2024-26280 Source advisory: OSV:PYSEC-2024-42...
CVE-2024-26280
Apache Airflow prior to 2.8.2 has an information-disclosure issue where authenticated Ops and Viewers can see audit-log contents (e.g., dag names, usernames not visible to them). Version 2.8.2+ fixes default audit-log permissions (Ops/Viewers no longer have access by default; admins retain access...