3 matches found
BIT-AIRFLOW-2026-26929 Apache Airflow: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata
Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dagid set to "" wildcard for all DAGs. As a result, version metadata of DAGs that the requester is not authorized to access is returned. Users ar...
CVE-2026-26929 Apache Airflow: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata
Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dagid set to "" wildcard for all DAGs. As a result, version metadata of DAGs that the requester is not authorized to access is returned. Users ar...
CVE-2002-0558
Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and earlier allows a remote authenticated user possibly anonymous to list arbitrary directories via a .. in a LIST ls command ending in wildcard . characters...