Apache Airflow Incorrect Authorization vulnerability
Moderate severity
GitHub Reviewed
Published
Sep 12, 2023
to the GitHub Advisory Database
•
Updated Sep 12, 2024
Description
Published by the National Vulnerability Database
Sep 12, 2023
Published to the GitHub Advisory Database
Sep 12, 2023
Reviewed
Sep 12, 2023
Last updated
Sep 12, 2024
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.
Users should upgrade to version 2.7.1 or later which has removed the vulnerability.
References