Apache Airflow: Ignored Airflow Permission

GHSA-h574-6646-vfxx · BIT-airflow-2024-28746 · CVE-2024-28746 · PYSEC-2024-46

Published Mar 14, 2024 · Modified Dec 6, 2024

Description

Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access.

Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-28746
WEB https://github.com/apache/airflow/pull/37881
WEB https://github.com/apache/airflow/commit/89e7f3e7bdf2126bbbcd959dc10d65ef92773cca
PACKAGE https://github.com/apache/airflow
WEB https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-46.yaml
WEB https://lists.apache.org/thread/b4pffc7w7do6qgk4jjbyxvdz5odrvny7
WEB http://www.openwall.com/lists/oss-security/2024/03/13/5

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes