Lucene search
Veracode Vulnerability DatabaseVERACODE:45727HistoryMar 03, 2024 - 11:37 a.m.
Exposure Of Resource To Wrong Sphere
2024-03-0311:37:35
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
apache-airflow
vulnerability
permission checks
api
ui
unauthorized access
dag code
Apache-airflow is vulnerable to Exposure of Resource to Wrong Sphere. The vulnerability is due to improper permission checks in the API and UI components. An attacker can view DAG code and import errors for DAGs they are not authorized to access by exploiting this vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache-airflow | le | 2.8.2rc3 | |
| apache-airflow | le | 2.8.2rc3 |
References
www.openwall.com/lists/oss-security/2024/02/29/1
github.com/advisories/GHSA-6v6w-h8m6-7mv2
github.com/apache/airflow/commit/90255d9d44a649025f588497f6c82177dad48326
github.com/apache/airflow/commit/bc2646be043f71b4d1ab7eefd2af65a60bf919f2
github.com/apache/airflow/pull/37290
github.com/apache/airflow/pull/37468
lists.apache.org/thread/on4f7t5sqr3vfgp1pvkck79wv7mq9st5
Related
github
github
Apache Airflow: DAG Code and Import Error Permissions Ignored
2024-02-29 12:31:06
prion
prion
Security feature bypass
2024-02-29 11:15:00
osv
osv
Apache Airflow: DAG Code and Import Error Permissions Ignored
2024-02-29 12:31:06
CVE-2024-27906
2024-02-29 11:15:08
BIT-airflow-2024-27906
2024-03-31 18:16:47
cvelist
cvelist
CVE-2024-27906 Apache Airflow: Dag Code and Import Error Permissions Ignored
2024-02-29 11:02:19
cve
cve
CVE-2024-27906
2024-02-29 11:15:08