Lucene search

Veracode Vulnerability DatabaseVERACODE:44792

HistoryDec 22, 2023 - 11:48 a.m.

Improper Authorization

2023-12-2211:48:05

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

apache-airflow

authorization

vulnerability

privileges

dag's

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.0%

JSON

apache-airflow is vulnerable to Improper Authorization. The vulnerability us due to a lack of authorization check while accessing DAG’s. An attacker can escalate their privileges to have write access to DAG’s of other users.

CPENameOperatorVersion
apache-airflowle2.8.0rc4
apache-airflowle2.8.0rc4

CPE	Name	Operator	Version
	apache-airflow	le	2.8.0rc4
	apache-airflow	le	2.8.0rc4

References

www.openwall.com/lists/oss-security/2023/12/21/1

github.com/advisories/GHSA-8f57-wcmg-4jmh

github.com/apache/airflow/commit/4f1b500c47813c54349b7d3e48df0a444fb4826c

github.com/apache/airflow/pull/34366

lists.apache.org/thread/3nl0h014274yjlt1hd02z0q78ftyz0z3

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.0%

JSON

Related for VERACODE:44792