GHSA-h574-6646-vfxx

Source
https://github.com/advisories/GHSA-h574-6646-vfxx
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-h574-6646-vfxx/GHSA-h574-6646-vfxx.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-h574-6646-vfxx
Aliases
Published
2024-03-14T09:31:05Z
Modified
2024-12-06T05:38:53.740035Z
Summary
Apache Airflow: Ignored Airflow Permission
Details

Apache Airflow versions 2.8.0 through 2.8.2 have a vulnerability that allows an authenticated user with limited permissions to access, from the UI, resources such as variables, connections, etc. which they do not have permission to access.

Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability.

Database specific
{
    "nvd_published_at": "2024-03-14T09:15:47Z",
    "cwe_ids": [
        "CWE-281"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-15T14:19:23Z"
}
References

Affected packages

PyPI / apache-airflow

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.8.0
Fixed
2.8.3rc1

Affected versions

2.*

2.8.0
2.8.1rc1
2.8.1
2.8.2rc1
2.8.2rc2
2.8.2rc3
2.8.2