Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability
History

Mon, 25 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-02-29T11:02:19.310Z

Updated: 2024-11-25T15:26:06.988Z

Reserved: 2024-02-27T12:16:34.135Z

Link: CVE-2024-27906

cve-icon Vulnrichment

Updated: 2024-08-02T00:41:55.777Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-02-29T11:15:08.920

Modified: 2024-11-25T16:15:12.653

Link: CVE-2024-27906

cve-icon Redhat

No data.