BIT-airflow-2024-27906

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/airflow/BIT-airflow-2024-27906.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-airflow-2024-27906

Aliases

CVE-2024-27906
GHSA-6v6w-h8m6-7mv2

Published

2024-03-31T18:16:47.034Z

Modified

2024-06-17T07:56:05.360Z

Summary

[none]

Details

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI.Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability

References

http://www.openwall.com/lists/oss-security/2024/02/29/1
https://github.com/apache/airflow/pull/37290
https://github.com/apache/airflow/pull/37468
https://lists.apache.org/thread/on4f7t5sqr3vfgp1pvkck79wv7mq9st5

Affected packages

Bitnami / airflow

Package

Name: airflow
Purl: pkg:bitnami/airflow

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.8.2