First published: Sun May 07 2023(Updated: )
Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0.
Credit: security@apache.org security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apache Airflow | <2.6.0 | |
pip/apache-airflow | <2.6.0 | 2.6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-29247 is a vulnerability in Apache Airflow that allows for stored cross-site scripting (XSS) attacks.
The severity of CVE-2023-29247 is medium, with a CVSS score of 5.4.
CVE-2023-29247 affects Apache Airflow versions prior to 2.6.0.
To fix CVE-2023-29247, you should upgrade Apache Airflow to version 2.6.0 or later.
The CWE ID for CVE-2023-29247 is CWE-79, which corresponds to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').