5 matches found
CVE-2024-28746
Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access. Users of Apache Airflow are recommended to upgrade to versi...
CVE-2024-28746
RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...
aind-airflow-jobs (>=0.2.1 <=0.2.6), airflow-tools (>=0.3.1 <=0.6.3) +5 more potentially affected by CVE-2024-28746 via apache-airflow (>=2.8.0 <=2.8.2)
apache-airflow PYPI version =2.8.0, =0.2.1, =0.3.1, =1.0.0rc1, =1.0.0rc1, =1.0.0, =1.1.0.post0.dev45, =1.1.3.post0.dev5 Source cves: CVE-2024-28746 Source advisory: OSV:GHSA-H574-6646-VFXX...
aind-airflow-jobs (>=0.2.1 <=0.2.6), airflow-tools (>=0.3.1 <=0.6.3) +5 more potentially affected by CVE-2024-28746 via apache-airflow (>=2.8.0 <=2.8.2)
apache-airflow PYPI version =2.8.0, =0.2.1, =0.3.1, =1.0.0rc1, =1.0.0rc1, =1.0.0, =1.1.0.post0.dev45, =1.1.3.post0.dev5 Source cves: CVE-2024-28746 Source advisory: OSV:PYSEC-2024-46...
CVE-2024-28746
CVE-2024-28746 affects Apache Airflow versions 2.8.0–2.8.2. The issue allows an authenticated user with limited permissions to access resources (e.g., variables, connections) from the UI that they should not access, constituting an information disclosure vulnerability. The cited connected documen...