
11 matches found

OSV
added 2024/05/26 2:15 p.m. · 3 views

CVE-2024-5272

Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1, 8.1.x <= 8.1.12 fail to restrict the audience of the "custom_playbooks_playbook_run_updated" webhook event, which allows a guest on a channel with a playbook run linked to see all the details of the playbook run when the run is marked as finished...

CVSS 4.3 · AI score 4.8
Exploits: 0 · References: 1

OSV
added 2023/11/12 3:30 p.m. · 1 view

GHSA-HM9R-7F84-25C9 Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes

Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to...

CVSS 5.3 · AI score 5.9 · EPSS 0.01497
Exploits: 0 · References: 8

PyPA
added 2023/11/12 2:15 p.m. · 6 views

PYSEC-2023-232

We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then. Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them...

CVSS 4.3 · AI score 6.7 · EPSS 0.01497
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2023/11/12 2:15 p.m. · 1 view

PYSEC-2023-232

We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then. Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have the...

CVSS 4.3 · AI score 5.9 · EPSS 0.01497
Exploits: 0 · References: 3

CVE
added 2023/11/12 1:12 p.m. · 91 views

CVE-2023-47037

Apache Airflow (versions before 2.7.3) is affected by a Broken Access Control vulnerability tracked as CVE-2023-47037. The issue allows authenticated DAG-view authorized users to modify DAG run detail values (e.g., configuration parameters, start date) when submitting notes. The underlying proble...

CVSS 4.3 · AI score 4.6 · EPSS 0.01497
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2023/11/12 12:0 a.m. · 4 views

PT-2023-6914 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.7.3 Description: The issue allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes, potentially altering details such as configuration parameters and sta...

CVSS 5.3 · AI score 4.3 · EPSS 0.01497
Exploits: 0 · References: 16

Veracode
added 2023/09/15 9:56 a.m. · 18 views

Incorrect Authorization

apache-airflow is vulnerable to Incorrect Authorization. The vulnerability is caused by a missing read-only validation rule for all the fields (e.g. start_date, end_date, run_id, dag_id, state) except the note field while editing/modifying DAG (Directed Acyclic Graph) run detail values. This can lead to...

CVSS 4.3 · AI score 6.7 · EPSS 0.01305
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2023/09/12 12:15 p.m. · 17 views

CVE-2023-40611

Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to...

CVSS 4.3 · AI score 4.6
Exploits: 0 · References: 3

PyPA
added 2023/09/12 12:15 p.m. · 4 views

PYSEC-2023-170

Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to...

CVSS 4.3 · AI score 6.9 · EPSS 0.01305
Exploits: 0 · References: 3 · Affected Software: 1

Vulnrichment
added 2023/09/12 11:5 a.m. · 2 views

CVE-2023-40611 Apache Airflow Dag Runs Broken Access Control Vulnerability

Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to...

AI score 6.7 · EPSS 0.01305
Exploits: 0 · References: 3

Positive Technologies
added 2023/09/12 12:0 a.m. · 2 views

PT-2023-8623 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions before 2.7.1 Description: The issue allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes, potentially altering details such as configuration parameters and start...

CVSS 5.3 · AI score 4.3 · EPSS 0.01305
Exploits: 0 · References: 22