Количество 4
Количество 4
CVE-2023-49920
Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that allows an attacker to trigger a DAG in a GET request without CSRF validation. As a result, it was possible for a malicious website opened in the same browser - by the user who also had Airflow UI opened - to trigger the execution of DAGs without the user's consent. Users are advised to upgrade to version 2.8.0 or later which is not affected
CVE-2023-49920
Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that ...
GHSA-6m9r-7wrx-xmr6
Apache Airflow Cross-Site Request Forgery vulnerability
BDU:2024-00577
Уязвимость программного обеспечения создания, мониторинга и оркестрации сценариев обработки данных Airflow , связанная с недостаточной проверкой подлинности выполняемых запросов, позволяющая нарушителю осуществить CSRF-атаку
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-49920 Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that allows an attacker to trigger a DAG in a GET request without CSRF validation. As a result, it was possible for a malicious website opened in the same browser - by the user who also had Airflow UI opened - to trigger the execution of DAGs without the user's consent. Users are advised to upgrade to version 2.8.0 or later which is not affected | CVSS3: 6.5 | 0% Низкий | около 2 лет назад |
| CVE-2023-49920 Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that ... | CVSS3: 6.5 | 0% Низкий | около 2 лет назад |
| GHSA-6m9r-7wrx-xmr6 Apache Airflow Cross-Site Request Forgery vulnerability | CVSS3: 6.5 | 0% Низкий | около 2 лет назад |
 | BDU:2024-00577 Уязвимость программного обеспечения создания, мониторинга и оркестрации сценариев обработки данных Airflow , связанная с недостаточной проверкой подлинности выполняемых запросов, позволяющая нарушителю осуществить CSRF-атаку | CVSS3: 6.5 | 0% Низкий | около 2 лет назад |
Уязвимостей на страницу