First published: Thu Jan 20 2022
In Apache Airflow prior to 2.2.0, a user who has "can_create" permissions on DAG Runs can create DAG Runs for DAGs that they don't have "edit" permissions for. The CVE applies only to this specific case.
Credit: security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apache Airflow | >=1.10.0, <=1.10.15 | |
Apache Airflow | >=2.0.0, <2.2.0 | |
pip/apache-airflow | <2.2.0 | 2.2.0 |
CVE-2021-45230 is a vulnerability in Apache Airflow prior to version 2.2.0 that allows users with 'can_create' permissions on DAG Runs to create DAG Runs for DAGs they don't have 'edit' permissions for.
CVE-2021-45230 affects Apache Airflow versions prior to 2.2.0.
The severity of CVE-2021-45230 is medium, with a severity value of 6.5.
To fix CVE-2021-45230, upgrade Apache Airflow to version 2.2.0 or later.
More information about CVE-2021-45230 can be found at the following reference: [CVE-2021-45230](https://lists.apache.org/thread/m778ojn0k595rwco4ht9wjql89mjoxnl)
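
The following exposure check is an added example, not code from the advisory or from the Airflow project. It flags roles that hold "can_create" on DAG Runs without edit rights on every DAG when the deployment is older than 2.2.0. The resource names `DAG Runs`, `DAGs` and `DAG:<dag_id>`, the role export format and the sample roles are assumptions constructed for illustration.

```python
import re

FIXED = (2, 2, 0)  # first fixed release according to the advisory table

def is_affected(version):
    """True when an apache-airflow version string is below 2.2.0."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(.*)", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    release = tuple(int(g or 0) for g in m.groups()[:3])
    # Pre-releases (a/b/rc/dev) sort before the final release under PEP 440,
    # so 2.2.0rc1 is conservatively treated as older than 2.2.0.
    pre = re.match(r"\.?(a|b|rc|dev)\d*", m.group(4)) is not None
    return release < FIXED or (release == FIXED and pre)

def risky_roles(roles):
    """Map each role that can create DAG Runs but lacks edit on all DAGs
    to the list of DAG ids it is actually allowed to edit.

    roles: {role_name: set of (action, resource)} -- assumed export format.
    """
    findings = {}
    for name, perms in roles.items():
        if ("can_create", "DAG Runs") not in perms:
            continue  # cannot create DAG Runs at all
        if ("can_edit", "DAGs") in perms:
            continue  # edit on every DAG: nothing to bypass
        editable = sorted(res[len("DAG:"):] for act, res in perms
                          if act == "can_edit" and res.startswith("DAG:"))
        findings[name] = editable
    return findings

def exposure(version, roles):
    """Roles worth reviewing for CVE-2021-45230 on this deployment."""
    return risky_roles(roles) if is_affected(version) else {}

# Constructed sample data, not taken from a real deployment.
SAMPLE_ROLES = {
    "Admin": {("can_create", "DAG Runs"), ("can_edit", "DAGs")},
    "team_a": {("can_create", "DAG Runs"), ("can_edit", "DAG:etl_a"),
               ("can_read", "DAGs")},
    "Viewer": {("can_read", "DAGs")},
}

if __name__ == "__main__":
    for role, dags in exposure("2.1.4", SAMPLE_ROLES).items():
        print(f"review role {role!r}: edit limited to {dags or 'no DAGs'}")
```

A role listed here is only a review candidate: after upgrading to 2.2.0 or later the same permission set no longer needs attention for this CVE.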