CVE-2023-50944 – apache-airflow

Package

Manager: pip
Name: apache-airflow
Vulnerable Version: >=0 <2.8.1rc1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00131 pctl0.33428

Details

Apache Airflow: Bypass permission verification to read code of other dags Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue.

Metadata

Created: 2024-01-24T15:30:30Z
Modified: 2025-02-13T19:33:14Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-vm5m-qmrx-fw8w/GHSA-vm5m-qmrx-fw8w.json
CWE IDs: ["CWE-862"]
Alternative ID: GHSA-vm5m-qmrx-fw8w
Finding: F039
Auto approve: 1