Lucene search
Veracode Vulnerability DatabaseVERACODE:45173HistoryJan 25, 2024 - 12:22 p.m.
Improper Authorization
2024-01-2512:22:46
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
apache-airflow
improper authorization
vulnerability
dag code access
authenticated user
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
6.8
Confidence
High
EPSS
0.001
Percentile
45.8%
apache-airflow is vulnerable to Improper Authorization. The vulnerability is due to missing access control check while accessing DAG code. An authenticated user can access source code of DAG to which they don’t have access to.
Related
osv
osv
Apache Airflow: Bypass permission verification to read code of other dags
2024-01-24 15:30:30
BIT-airflow-2023-50944
2024-03-06 10:50:38
PYSEC-2024-14
2024-01-24 13:15:00
cvelist
cvelist
github
github
Apache Airflow: Bypass permission verification to read code of other dags
2024-01-24 15:30:30
prion
prion
Code injection
2024-01-24 13:15:00
nvd
nvd
CVE-2023-50944
2024-01-24 13:15:08
vulnrichment
vulnrichment
cve
cve
CVE-2023-50944
2024-01-24 13:15:08
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
6.8
Confidence
High
EPSS
0.001
Percentile
45.8%
Related for VERACODE:45173