Apache-airflow is vulnerable to Exposure of Resource to Wrong Sphere. The vulnerability is due to improper permission checks in the API and UI components. An attacker can view DAG code and import errors for DAGs they are not authorized to access by exploiting this vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | apache-airflow | le | 2.8.2rc3 |
www.openwall.com/lists/oss-security/2024/02/29/1
github.com/advisories/GHSA-6v6w-h8m6-7mv2
github.com/apache/airflow/commit/90255d9d44a649025f588497f6c82177dad48326
github.com/apache/airflow/commit/bc2646be043f71b4d1ab7eefd2af65a60bf919f2
github.com/apache/airflow/pull/37290
github.com/apache/airflow/pull/37468
lists.apache.org/thread/on4f7t5sqr3vfgp1pvkck79wv7mq9st5