Lucene search
+L

27 matches found

NVD
NVD
added 2023/10/14 10:15 a.m.16 views

CVE-2023-42663

Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated wit...

6.5CVSS6.2AI score0.01551EPSS
Exploits0References3
Prion
Prion
added 2023/10/14 10:15 a.m.22 views

Security feature bypass

Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated wit...

4CVSS6.1AI score0.01551EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2023/10/14 10:15 a.m.8 views

PYSEC-2023-197

Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with...

6.5CVSS6.6AI score0.01551EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/10/14 10:15 a.m.4 views

PYSEC-2023-197

Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated wit...

6.5CVSS6.6AI score0.01551EPSS
Exploits0References3
CVE
CVE
added 2023/10/14 9:47 a.m.136 views

CVE-2023-42663

CVE-2023-42663 concerns Apache Airflow before 2.7.2, where an authorized user with access to some DAGs can read information about task instances in other DAGs, causing information disclosure across DAG boundaries. This is described across multiple sources as a permission-verification bypass expos...

6.5CVSS6.1AI score0.01551EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/10/14 9:47 a.m.29 views

CVE-2023-42663 Apache Airflow: Bypass permission verification to view task instances of other dags

Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated wit...

6.4AI score0.01551EPSS
Exploits0References3
Hacker One
Hacker One
added 2023/10/13 4:50 p.m.86 views

Internet Bug Bounty: CVE-2023-42663: Apache Airflow: Bypass permission verification to view task instances of other dags

In Apache Airflow versions before 2.7.2, a vulnerability existed that allowed authorized users with access to read specific DAGs to view task instance information from other DAGs by bypassing permission verification. Upgrading to Apache Airflow version 2.7.2 or newer addressed this issue...

6.5CVSS6AI score0.01551EPSS
Exploits0
Rows per page
Query Builder