CVE-2024-28746

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-28746
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28746.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-28746
Aliases
Published
2024-03-14T09:15:47.577Z
Modified
2025-11-20T12:27:04.009831Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
[none]
Details

Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc., from the UI that they do not have permission to access.

Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability.

References

Affected packages

Git / github.com/apache/airflow

Affected ranges

Type
GIT
Repo
https://github.com/apache/airflow
Events

Affected versions

providers-airbyte/5.*

providers-airbyte/5.2.5
providers-airbyte/5.2.5rc1

providers-alibaba/3.*

providers-alibaba/3.2.5
providers-alibaba/3.2.5rc1

providers-amazon/9.*

providers-amazon/9.17.0
providers-amazon/9.17.0rc1

providers-apache-beam/6.*

providers-apache-beam/6.1.7
providers-apache-beam/6.1.7rc1

providers-apache-cassandra/3.*

providers-apache-cassandra/3.8.4
providers-apache-cassandra/3.8.4rc1

providers-apache-drill/3.*

providers-apache-drill/3.1.4
providers-apache-drill/3.1.4rc1

providers-apache-druid/4.*

providers-apache-druid/4.3.1
providers-apache-druid/4.3.1rc1

providers-apache-flink/1.*

providers-apache-flink/1.7.4
providers-apache-flink/1.7.4rc1

providers-apache-hdfs/4.*

providers-apache-hdfs/4.10.5
providers-apache-hdfs/4.10.5rc1

providers-apache-hive/9.*

providers-apache-hive/9.1.4
providers-apache-hive/9.1.4rc1

providers-apache-iceberg/1.*

providers-apache-iceberg/1.3.4
providers-apache-iceberg/1.3.4rc1

providers-apache-impala/1.*

providers-apache-impala/1.7.4
providers-apache-impala/1.7.4rc1

providers-apache-kafka/1.*

providers-apache-kafka/1.10.6
providers-apache-kafka/1.10.6rc1

providers-apache-kylin/3.*

providers-apache-kylin/3.9.3
providers-apache-kylin/3.9.3rc1

providers-apache-livy/4.*

providers-apache-livy/4.4.5
providers-apache-livy/4.4.5rc1

providers-apache-pig/4.*

providers-apache-pig/4.7.4
providers-apache-pig/4.7.4rc1

providers-apache-pinot/4.*

providers-apache-pinot/4.8.4
providers-apache-pinot/4.8.4rc1

providers-apache-spark/5.*

providers-apache-spark/5.3.4
providers-apache-spark/5.3.4rc1

providers-apache-tinkerpop/1.*

providers-apache-tinkerpop/1.0.5
providers-apache-tinkerpop/1.0.5rc1

providers-apprise/2.*

providers-apprise/2.2.0rc1

providers-arangodb/2.*

providers-arangodb/2.8.4
providers-arangodb/2.8.4rc1

providers-asana/2.*

providers-asana/2.10.4
providers-asana/2.10.4rc1

providers-atlassian-jira/3.*

providers-atlassian-jira/3.2.1
providers-atlassian-jira/3.2.1rc1

providers-celery/3.*

providers-celery/3.13.1
providers-celery/3.13.1rc1

providers-cloudant/4.*

providers-cloudant/4.2.3
providers-cloudant/4.2.3rc1

providers-cncf-kubernetes/10.*

providers-cncf-kubernetes/10.10.0
providers-cncf-kubernetes/10.10.0rc1

providers-cohere/1.*

providers-cohere/1.5.4
providers-cohere/1.5.4rc1

providers-common-compat/1.*

providers-common-compat/1.9.0
providers-common-compat/1.9.0rc1

providers-common-io/1.*

providers-common-io/1.6.5
providers-common-io/1.6.5rc1

providers-common-messaging/2.*

providers-common-messaging/2.0.1
providers-common-messaging/2.0.1rc1

providers-common-sql/1.*

providers-common-sql/1.29.0
providers-common-sql/1.29.0rc1

providers-databricks/7.*

providers-databricks/7.7.5
providers-databricks/7.7.5rc1

providers-datadog/3.*

providers-datadog/3.9.3
providers-datadog/3.9.3rc1

providers-dbt-cloud/4.*

providers-dbt-cloud/4.5.0
providers-dbt-cloud/4.5.0rc1

providers-dingding/3.*

providers-dingding/3.8.3
providers-dingding/3.8.3rc1

providers-discord/3.*

providers-discord/3.10.3
providers-discord/3.10.3rc1

providers-docker/4.*

providers-docker/4.4.5
providers-docker/4.4.5rc1

providers-edge3/1.*

providers-edge3/1.5.0
providers-edge3/1.5.0rc1

providers-elasticsearch/6.*

providers-elasticsearch/6.3.5
providers-elasticsearch/6.3.5rc1

providers-exasol/4.*

providers-exasol/4.8.4
providers-exasol/4.8.4rc1

providers-fab/3.*

providers-fab/3.0.2
providers-fab/3.0.2rc1

providers-facebook/3.*

providers-facebook/3.8.3
providers-facebook/3.8.3rc1

providers-ftp/3.*

providers-ftp/3.13.3
providers-ftp/3.13.3rc1

providers-git/0.*

providers-git/0.1.0
providers-git/0.1.0rc1

providers-github/2.*

providers-github/2.9.4
providers-github/2.9.4rc1

providers-google/19.*

providers-google/19.0.0
providers-google/19.0.0rc1

providers-grpc/3.*

providers-grpc/3.8.3
providers-grpc/3.8.3rc1

providers-hashicorp/4.*

providers-hashicorp/4.3.4
providers-hashicorp/4.3.4rc1

providers-http/5.*

providers-http/5.5.0
providers-http/5.5.0rc1

providers-imap/3.*

providers-imap/3.9.4
providers-imap/3.9.4rc1

providers-influxdb/2.*

providers-influxdb/2.9.4
providers-influxdb/2.9.4rc1

providers-jdbc/5.*

providers-jdbc/5.2.5
providers-jdbc/5.2.5rc1

providers-jenkins/4.*

providers-jenkins/4.1.5
providers-jenkins/4.1.5rc1

providers-keycloak/0.*

providers-keycloak/0.3.0
providers-keycloak/0.3.0rc1

providers-microsoft-azure/12.*

providers-microsoft-azure/12.8.1
providers-microsoft-azure/12.8.1rc1

providers-microsoft-mssql/4.*

providers-microsoft-mssql/4.3.3
providers-microsoft-mssql/4.3.3rc1

providers-microsoft-psrp/3.*

providers-microsoft-psrp/3.1.6
providers-microsoft-psrp/3.1.6rc1

providers-microsoft-winrm/3.*

providers-microsoft-winrm/3.12.0
providers-microsoft-winrm/3.12.0rc1

providers-mongo/5.*

providers-mongo/5.2.3
providers-mongo/5.2.3rc1

providers-mysql/6.*

providers-mysql/6.3.5
providers-mysql/6.3.5rc1

providers-neo4j/3.*

providers-neo4j/3.10.3
providers-neo4j/3.10.3rc1

providers-odbc/4.*

providers-odbc/4.10.3
providers-odbc/4.10.3rc1

providers-openai/1.*

providers-openai/1.6.4
providers-openai/1.6.4rc1

providers-openfaas/3.*

providers-openfaas/3.8.3
providers-openfaas/3.8.3rc1

providers-openlineage/2.*

providers-openlineage/2.8.0
providers-openlineage/2.8.0rc1

providers-opensearch/1.*

providers-opensearch/1.7.5
providers-opensearch/1.7.5rc1

providers-opsgenie/5.*

providers-opsgenie/5.9.3
providers-opsgenie/5.9.3rc1

providers-oracle/4.*

providers-oracle/4.2.1
providers-oracle/4.2.1rc1

providers-pagerduty/5.*

providers-pagerduty/5.1.1
providers-pagerduty/5.1.1rc1

providers-papermill/3.*

providers-papermill/3.11.4
providers-papermill/3.11.4rc1

providers-pgvector/1.*

providers-pgvector/1.5.4
providers-pgvector/1.5.4rc1

providers-pinecone/2.*

providers-pinecone/2.3.5
providers-pinecone/2.3.5rc1

providers-postgres/6.*

providers-postgres/6.4.1
providers-postgres/6.4.1rc1

providers-presto/5.*

providers-presto/5.9.4
providers-presto/5.9.4rc1

providers-qdrant/1.*

providers-qdrant/1.4.4
providers-qdrant/1.4.4rc1

providers-redis/4.*

providers-redis/4.3.3
providers-redis/4.3.3rc1

providers-salesforce/5.*

providers-salesforce/5.11.4
providers-salesforce/5.11.4rc1

providers-samba/4.*

providers-samba/4.11.1
providers-samba/4.11.1rc1

providers-segment/3.*

providers-segment/3.8.3
providers-segment/3.8.3rc1

providers-sendgrid/4.*

providers-sendgrid/4.1.5
providers-sendgrid/4.1.5rc1

providers-sftp/5.*

providers-sftp/5.4.2
providers-sftp/5.4.2rc1

providers-singularity/3.*

providers-singularity/3.8.3
providers-singularity/3.8.3rc1

providers-slack/9.*

providers-slack/9.5.0rc1

providers-smtp/2.*

providers-smtp/2.3.2
providers-smtp/2.3.2rc1

providers-snowflake/6.*

providers-snowflake/6.6.1
providers-snowflake/6.6.1rc1

providers-sqlite/4.*

providers-sqlite/4.1.3
providers-sqlite/4.1.3rc1

providers-ssh/4.*

providers-ssh/4.1.6
providers-ssh/4.1.6rc1

providers-standard/1.*

providers-standard/1.9.2
providers-standard/1.9.2rc1

providers-tableau/5.*

providers-tableau/5.2.2
providers-tableau/5.2.2rc1

providers-telegram/4.*

providers-telegram/4.8.4
providers-telegram/4.8.4rc1

providers-teradata/3.*

providers-teradata/3.2.3
providers-teradata/3.2.3rc1

providers-trino/6.*

providers-trino/6.3.5
providers-trino/6.3.5rc1

providers-vertica/4.*

providers-vertica/4.1.4
providers-vertica/4.1.4rc1

providers-weaviate/3.*

providers-weaviate/3.2.5
providers-weaviate/3.2.5rc1

providers-yandex/4.*

providers-yandex/4.2.1
providers-yandex/4.2.1rc1

providers-ydb/2.*

providers-ydb/2.2.3
providers-ydb/2.2.3rc1

providers-zendesk/4.*

providers-zendesk/4.10.4
providers-zendesk/4.10.4rc1

Other

providers/2025-11-14