CVE-2024-28746

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-28746

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28746.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-28746

Aliases

Published

2024-03-14T09:15:47.577Z

Modified

2026-04-10T05:11:32.567787Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access.

Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability

References

Affected packages

Git / github.com/apache/airflow

Affected ranges

Type

GIT

Repo

https://github.com/apache/airflow

Events

Introduced

12be346adc9f2b96781c5c5341d62e6a49a8d1cf

Fixed

492ecfe5c03102bfb710108038ebd5fc50cb55b5

Database specific

{
    "versions": [
        {
            "introduced": "2.8.0"
        },
        {
            "fixed": "2.8.3"
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28746.json"