Skip to content

Apache Airflow: Bypass permission verification to read code of other dags

Moderate severity GitHub Reviewed Published Jan 24, 2024 to the GitHub Advisory Database • Updated Sep 12, 2024

Package

pip apache-airflow (pip)

Affected versions

>= 0, < 2.8.1rc1

Patched versions

2.8.1rc1

Description

Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue.

References

Published by the National Vulnerability Database Jan 24, 2024
Published to the GitHub Advisory Database Jan 24, 2024
Reviewed Jan 24, 2024
Last updated Sep 12, 2024

Severity

Moderate

EPSS score

0.117%
(47th percentile)

Weaknesses

CVE ID

CVE-2023-50944

GHSA ID

GHSA-vm5m-qmrx-fw8w

Source code

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.