CVE-2023-42781 Apache Airflow: Permission verification bypass allows viewing dagruns of other dags

Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are...

CVE-2021-45230 Apache Airflow: Creating DagRuns didn't respect Dag-level permissions in the Webserver

In Apache Airflow prior to 2.2.0. This CVE applies to a specific case where a User who has "cancreate" permissions on DAG Runs can create Dag Runs for dags that they don't have "edit" permissions for...