CVE-2024-27906

Sažetak

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability

Reference

http://www.openwall.com/lists/oss-security/2024/02/29/1
https://github.com/apache/airflow/pull/37290
https://github.com/apache/airflow/pull/37468
https://lists.apache.org/thread/on4f7t5sqr3vfgp1pvkck79wv7mq9st5
http://www.openwall.com/lists/oss-security/2024/02/29/1
https://github.com/apache/airflow/pull/37290
https://github.com/apache/airflow/pull/37468
https://lists.apache.org/thread/on4f7t5sqr3vfgp1pvkck79wv7mq9st5

CVSS

Base:	5.9
Impact:	3.4
Exploitability:	2.5

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	LOW

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Zadnje važnije ažuriranje

01-05-2025 - 19:13

Objavljeno

29-02-2024 - 11:15