CVE-2024-28746

2024-03-1409:15:47

CWE-281

[email protected]

web.nvd.nist.gov

apache airflow

vulnerability

access control

cve-2024-28746

nvd

6.2 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access.

Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability

Affected configurations

Vulners

Node

apacheairflowRange≤2.8.3

CNA Affected

[
  {
    "collectionURL": "https://pypi.python.org",
    "defaultStatus": "unaffected",
    "packageName": "apache-airflow",
    "product": "Apache Airflow",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "2.8.3",
        "status": "affected",
        "version": "2.8.0",
        "versionType": "semver"
      }
    ]
  }
]