Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI.
Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability
Metrics
Affected Vendors & Products
References
History
Mon, 25 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2024-02-29T11:02:19.310Z
Updated: 2024-11-25T15:26:06.988Z
Reserved: 2024-02-27T12:16:34.135Z
Link: CVE-2024-27906
Vulnrichment
Updated: 2024-08-02T00:41:55.777Z
NVD
Status : Awaiting Analysis
Published: 2024-02-29T11:15:08.920
Modified: 2024-11-25T16:15:12.653
Link: CVE-2024-27906
Redhat
No data.