6031 matches found

Veracode
added 2023/10/16 7:13 a.m. · 20 views

Information Disclosure

Apache Airflow is vulnerable to Information Disclosure. The vulnerability is due to an improper access control mechanism which allows an authorized user with read access to specific Directed Acyclic Graphs (DAGs) to access information about task instances in other DAGs...

CVSS 6.5 · AI score 6.4 · EPSS 0.01551
Exploits 0 · References 4 · Affected Software 1

OSV
added 2023/10/14 12:30 p.m. · 1 views

GHSA-32WR-QQW6-5MFP Apache Airflow vulnerable to sensitive information exposure

Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user with access to read specific DAGs only to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with th...

CVSS 6.5 · AI score 6 · EPSS 0.01551
Exploits 0 · References 6

NVD
added 2023/10/14 10:15 a.m. · 15 views

CVE-2023-42663

Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated wit...

CVSS 6.5 · AI score 6.2 · EPSS 0.01551
Exploits 0 · References 3

PyPA
added 2023/10/14 10:15 a.m. · 5 views

PYSEC-2023-197

Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with...

CVSS 6.5 · AI score 6.6 · EPSS 0.01551
Exploits 0 · References 3 · Affected Software 1

Prion
added 2023/10/14 10:15 a.m. · 21 views

Security feature bypass

Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated wit...

CVSS 4 · AI score 6.1 · EPSS 0.01551
Exploits 0 · References 3 · Affected Software 1

OSV
added 2023/10/14 10:15 a.m. · 1 views

PYSEC-2023-197

Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated wit...

CVSS 6.5 · AI score 6.6 · EPSS 0.01551
Exploits 0 · References 3

CVE
added 2023/10/14 9:47 a.m. · 122 views

CVE-2023-42663

CVE-2023-42663 concerns Apache Airflow before 2.7.2, where an authorized user with access to some DAGs can read information about task instances in other DAGs, causing information disclosure across DAG boundaries. This is described across multiple sources as a permission-verification bypass expos...

CVSS 6.5 · AI score 6.1 · EPSS 0.01551
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2023/10/14 9:47 a.m. · 24 views

CVE-2023-42663 Apache Airflow: Bypass permission verification to view task instances of other dags

Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated wit...

AI score 6.4 · EPSS 0.01551
Exploits 0 · References 3

CNNVD
added 2023/10/14 12:00 a.m. · 9 views

Apache Airflow information disclosure vulnerability

Apache Airflow is an open source platform from the Apache Software Foundation (United States) for creating, managing and monitoring workflows. The platform is scalable and offers dynamic monitoring, among other features. Apache Airflow suffers from an information disclosure vulnerability that can be...

CVSS 6.5 · AI score 6 · EPSS 0.01551
Exploits 0 · References 4

Github Security Blog
added 2023/10/13 7:29 p.m. · 27 views

Improper Access Control in vantage6

Impact: The endpoint /api/collaboration/id/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, currently it is only checked if the user has permission to view the...

CVSS 5.4 · AI score 6.6 · EPSS 0.004
Exploits 0 · References 7 · Affected Software 1

Hacker One
added 2023/10/13 4:50 p.m. · 81 views

Internet Bug Bounty: CVE-2023-42663: Apache Airflow: Bypass permission verification to view task instances of other dags

In Apache Airflow versions before 2.7.2, a vulnerability existed that allowed authorized users with access to read specific DAGs to view task instance information from other DAGs by bypassing permission verification. Upgrading to Apache Airflow version 2.7.2 or newer addressed this issue...

CVSS 6.5 · AI score 6 · EPSS 0.01551
Exploits 0

SUSE CVE
added 2023/10/12 2:35 p.m. · 3 views

SUSE CVE-2023-42669

A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in...

CVSS 6.5 · AI score 6.7 · EPSS 0.01723
Exploits 0 · References 12

NVD
added 2023/10/11 8:15 p.m. · 28 views

CVE-2023-41882

vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/id/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version...

CVSS 5.4 · AI score 5.3 · EPSS 0.004
Exploits 0 · References 3

Prion
added 2023/10/11 8:15 p.m. · 20 views

Code injection

vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/id/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version...

CVSS 4 · AI score 4.5 · EPSS 0.004
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2023/10/11 12:00 a.m. · 4 views

vantage6 Code Issue Vulnerability

vantage6 is an open source priVAcy preserviNg federaTed leArninG infrastructurE for Secure Insight eXchange. A code issue vulnerability exists in vantage6 versions prior to 3.3.3. It stems from the fact that the endpoint /api/collaboration/id/task is used to collect all tasks for a collaboration,...

CVSS 5.4 · AI score 6.9 · EPSS 0.004
Exploits 0 · References 4

Positive Technologies
added 2023/10/11 12:00 a.m. · 4 views

PT-2023-28141 · Vantage6 · Vantage6

Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 4.0.0. Description: vantage6 is privacy preserving federated learning infrastructure. The endpoint "/api/collaboration/id/task" is used to collect all tasks from a certain collaboration. To get such tasks, a user...

CVSS 5.4 · AI score 4.5 · EPSS 0.004
Exploits 0 · References 15

Github Security Blog
added 2023/10/10 9:29 p.m. · 32 views

Harbor timing attack risk

In the Harbor jobservice container, the comparison of secrets in the authenticator type is prone to timing attacks. The vulnerability occurs due to the following code: https://github.com/goharbor/harbor/blob/aaea068cceb4063ab89313d9785f2b40f35b0d63/src/jobservice/api/authenticator.go#L69-L69 To...

CVSS 6.5 · AI score 6.3 · EPSS 0.00373
Exploits 1 · References 7 · Affected Software 1

UbuntuCve
added 2023/10/10 12:00 a.m. · 32 views

CVE-2023-42669

A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in...

CVSS 6.5 · AI score 6.7 · EPSS 0.01723
Exploits 0 · References 4

Cvelist
added 2023/10/03 4:55 p.m. · 28 views

CVE-2023-4732 Kernel: race between task migrating pages and another task calling exit_mmap to release those same pages getting invalid opcode bug in include/linux/swapops.h

A flaw was found in pfn_swap_entry_to_page in the memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmd_t x...

CVSS 4.7 · AI score 5.7 · EPSS 0.00179
Exploits 0 · References 6

ATTACKERKB
added 2023/09/29 1:15 p.m. · 3 views

CVE-2023-43944

A Stored Cross Site Scripting (XSS) vulnerability was found in SourceCodester Task Management System 1.0. It allows attackers to execute arbitrary code via the parameter field in index.php?page=projectlist...

CVSS 5.4 · AI score 6.2 · EPSS 0.00426
Exploits 1 · References 2
