Lucene search
ApacheCVELIST:CVE-2024-28746HistoryMar 14, 2024 - 8:41 a.m.
CVE-2024-28746 Apache Airflow: Ignored Airflow Permissions
2024-03-1408:41:03
CWE-281
apache
www.cve.org
2
apache airflow
vulnerability
ignored permissions
upgrade
2.8.3
Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access.
Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability
CNA Affected
[
{
"collectionURL": "https://pypi.python.org",
"defaultStatus": "unaffected",
"packageName": "apache-airflow",
"product": "Apache Airflow",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.8.3",
"status": "affected",
"version": "2.8.0",
"versionType": "semver"
}
]
}
]Related
cnvd
cnvd
osv
osv
BIT-airflow-2024-28746
2024-03-31 18:16:36
CVE-2024-28746
2024-03-14 09:15:47
Apache Airflow: Ignored Airflow Permission
2024-03-14 09:31:05
vulnrichment
vulnrichment
CVE-2024-28746 Apache Airflow: Ignored Airflow Permissions
2024-03-14 08:41:03
prion
prion
CVE-2024-28746
2024-03-14 22:54:11
cve
cve
CVE-2024-28746
2024-03-14 09:15:47
nvd
nvd
CVE-2024-28746
2024-03-14 09:15:47
github
github
Apache Airflow: Ignored Airflow Permission
2024-03-14 09:31:05
veracode
veracode
Authorization Bypass
2024-03-15 19:58:58