GHSA-hm9r-7f84-25c9: Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes

Apache Airflow versions before 2.7.3 are affected by a vulnerability that allows authenticated users with DAG-view authorization to modify some DAG run detail values when submitting notes. This could let them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later, which has removed the vulnerability.


Moderate severity • GitHub Reviewed • Published Nov 12, 2023 to the GitHub Advisory Database • Updated Nov 13, 2023

Related news

CVE-2023-47037: Add read only validation to read only fields by ahidalgob · Pull Request #33413 · apache/airflow

We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then. Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability.