BIT-airflow-2023-40611

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/airflow/BIT-airflow-2023-40611.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-airflow-2023-40611
Aliases
Published
2024-03-06T10:53:28.968Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.Users should upgrade to version 2.7.1 or later which has removed the vulnerability.

References

Affected packages

Bitnami / airflow

Package

Name
airflow
Purl
pkg:bitnami/airflow

Severity

  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7.3