Lucene search
GitHub Advisory DatabaseGHSA-H574-6646-VFXXHistoryMar 14, 2024 - 9:31 a.m.
Apache Airflow: Ignored Airflow Permission
2024-03-1409:31:05
CWE-281
GitHub Advisory Database
github.com
6
apache airflow
vulnerability
unauthorized access
Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access.
Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability
Affected configurations
Node
apacheairflowRange<2.8.3rc1
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache-airflow | lt | 2.8.3rc1 |
References
www.openwall.com/lists/oss-security/2024/03/13/5
github.com/advisories/GHSA-h574-6646-vfxx
github.com/apache/airflow/commit/89e7f3e7bdf2126bbbcd959dc10d65ef92773cca
github.com/apache/airflow/pull/37881
github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-46.yaml
lists.apache.org/thread/b4pffc7w7do6qgk4jjbyxvdz5odrvny7
nvd.nist.gov/vuln/detail/CVE-2024-28746
Related
cnvd
cnvd
osv
osv
CVE-2024-28746
2024-03-14 09:15:47
BIT-airflow-2024-28746
2024-03-31 18:16:36
PYSEC-2024-46
2024-03-14 09:15:00
prion
prion
CVE-2024-28746
2024-03-14 22:54:11
nvd
nvd
CVE-2024-28746
2024-03-14 09:15:47
veracode
veracode
Authorization Bypass
2024-03-15 19:58:58
cvelist
cvelist
CVE-2024-28746 Apache Airflow: Ignored Airflow Permissions
2024-03-14 08:41:03
cve
cve
CVE-2024-28746
2024-03-14 09:15:47