oss-sec mailing list archives
CVE-2023-50783: Apache Airflow: Improper access control vulnerability on the "varimport" endpoint
From: Ephraim Anierobi <ephraimanierobi () apache org>
Date: Thu, 21 Dec 2023 07:05:17 +0000
Severity: low Affected versions: - Apache Airflow before 2.8.0 Description: Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. Users are recommended to upgrade to 2.8.0, which fixes this issue Credit: balis0ng (finder) Ephraim Anierobi (remediation developer) References: https://github.com/apache/airflow/pull/33932 https://airflow.apache.org/ https://www.cve.org/CVERecord?id=CVE-2023-50783
Current thread:
- CVE-2023-50783: Apache Airflow: Improper access control vulnerability on the "varimport" endpoint Ephraim Anierobi (Dec 21)