GHSA-r7x6-xfcm-3mxv: Apache Airflow vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

Apache Airflow versions before 2.7.3 have a vulnerability that allows an authorized user who has read access to specific DAGs only to read information about task instances in other DAGs. This is a different issue from CVE-2023-42663 but leads to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability.
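A simplified model of the gap and of the fix, inferred from the title of apache/airflow pull request #34939 (return only the task instances of the readable DAGs when `~` is provided as a dag_id). It is an added illustration, not Airflow's code: the function names, the `Forbidden` exception and the sample data are hypothetical, and `leaked_dag_ids` is the kind of regression check a reviewer could run against any listing endpoint that accepts a wildcard.

```python
# Simplified model only; none of these names are Airflow's API.
from dataclasses import dataclass

WILDCARD = "~"  # dag_id value meaning "all DAGs", per the fix's title


@dataclass(frozen=True)
class TaskInstance:
    dag_id: str
    task_id: str
    state: str


# Constructed sample data.
TASK_INSTANCES = [
    TaskInstance("sales_etl", "load", "success"),
    TaskInstance("sales_etl", "transform", "failed"),
    TaskInstance("payroll_export", "dump_salaries", "success"),
]


class Forbidden(Exception):
    """Raised when the caller names a DAG it cannot read."""


def list_tis_before(dag_id, readable, tis=TASK_INSTANCES):
    """Assumed 'before' behaviour: the wildcard path skips the per-DAG check."""
    if dag_id == WILDCARD:
        return list(tis)  # every DAG's task instances, readable or not
    if dag_id not in readable:
        raise Forbidden(dag_id)
    return [ti for ti in tis if ti.dag_id == dag_id]


def list_tis_after(dag_id, readable, tis=TASK_INSTANCES):
    """Fixed behaviour: the wildcard expands to the caller's readable DAGs only."""
    if dag_id == WILDCARD:
        return [ti for ti in tis if ti.dag_id in readable]
    if dag_id not in readable:
        raise Forbidden(dag_id)
    return [ti for ti in tis if ti.dag_id == dag_id]


def leaked_dag_ids(result, readable):
    """Regression check: DAG ids present in a response that the caller may not read."""
    return {ti.dag_id for ti in result} - set(readable)
```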



Moderate severity • GitHub Reviewed • Published Nov 12, 2023 to the GitHub Advisory Database • Updated Nov 14, 2023

Related news

CVE-2023-42781: Return only the TIs of the readable dags when ~ is provided as a dag_id by hussein-awala · Pull Request #34939 · apache/airflow
