BIT-airflow-2024-28746

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/airflow/BIT-airflow-2024-28746.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-airflow-2024-28746
Aliases
Published
2024-03-31T18:16:36.634Z
Modified
2025-05-20T10:02:07.006Z
Summary
Apache Airflow: Ignored Airflow Permissions
Details

Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access. 

Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability

Database specific
{
    "severity": "High",
    "cpes": [
        "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:apache:airflow:*:*:*:*:*:python:*:*"
    ]
}
References

Affected packages

Bitnami / airflow

Package

Name
airflow
Purl
pkg:bitnami/airflow

Severity

  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
2.8.0
Fixed
2.8.3