Описание
Apache Airflow vulnerable to sensitive information exposure
Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user with access to read specific DAGs only to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-42663
- https://github.com/apache/airflow/pull/34315
- https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-197.yaml
- https://lists.apache.org/thread/xj86cvfkxgd0cyqfmz6mh1bsfc61c6o9
- http://www.openwall.com/lists/oss-security/2023/11/12/2
Пакеты
apache-airflow
< 2.7.2
2.7.2
Связанные уязвимости
Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.
Apache Airflow, versions before 2.7.2, has a vulnerability that allows ...
Уязвимость программное обеспечение создания, мониторинга и оркестрации сценариев обработки данных Airflow, связанная с отсутствием защиты служебных данных, позволяющая нарушителю получить доступ на чтение данных