First published: Fri Oct 13 2023
Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.
Credit: security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
pip/apache-airflow | >=0 <2.7.2 | 2.7.2 |
 | <2.7.2 | |
Apache Airflow | <2.7.2 | |
The vulnerability ID is CVE-2023-42663.
The title of this vulnerability is 'CVE-2023-42663: Apache Airflow: Bypass permission verification to view task instances of other dags'.
More information about this vulnerability can be found at the following references:
- https://github.com/apache/airflow/pull/34315
- https://lists.apache.org/thread/xj86cvfkxgd0cyqfmz6mh1bsfc61c6o9
- https://nvd.nist.gov/vuln/detail/CVE-2023-42663