Apache Airflow vulnerable to sensitive information exposure

GHSA-32wr-qqw6-5mfp · BIT-airflow-2023-42663 · CVE-2023-42663 · PYSEC-2023-197

Published Oct 14, 2023 · Modified Feb 13, 2025

Description

Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user with access to read specific DAGs only to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-42663
WEB https://github.com/apache/airflow/pull/34315
PACKAGE https://github.com/apache/airflow
WEB https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-197.yaml
WEB https://lists.apache.org/thread/xj86cvfkxgd0cyqfmz6mh1bsfc61c6o9
WEB http://www.openwall.com/lists/oss-security/2023/11/12/2

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes