PYSEC-2022-11

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow/PYSEC-2022-11.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2022-11

Aliases

Published

2022-01-20T11:15:00Z

Modified

2023-12-06T01:01:43.208047Z

Summary

[none]

Details

In Apache Airflow prior to 2.2.0. This CVE applies to a specific case where a User who has "can_create" permissions on DAG Runs can create Dag Runs for dags that they don't have "edit" permissions for.

References

Affected packages

PyPI / apache-airflow

Package

Name: apache-airflow; View open source insights on deps.dev
Purl: pkg:pypi/apache-airflow

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.10.0

Fixed

2.0.0b1

Introduced

2.0.0

Fixed

2.2.0

Affected versions

1.*

1.10.0

1.10.1b1

1.10.1rc2

1.10.1

1.10.2b2

1.10.2rc1

1.10.2rc2

1.10.2rc3

1.10.2

1.10.3b1

1.10.3b2

1.10.3rc1

1.10.3rc2

1.10.3

1.10.4b2

1.10.4rc1

1.10.4rc2

1.10.4rc3

1.10.4rc4

1.10.4rc5

1.10.4

1.10.5rc1

1.10.5

1.10.6rc1

1.10.6rc2

1.10.6

1.10.7rc1

1.10.7rc2

1.10.7rc3

1.10.7

1.10.8rc1

1.10.8

1.10.9rc1

1.10.9

1.10.10rc1

1.10.10rc2

1.10.10rc3

1.10.10rc4

1.10.10rc5

1.10.10

1.10.11rc1

1.10.11rc2

1.10.11

1.10.12rc1

1.10.12rc2

1.10.12rc3

1.10.12rc4

1.10.12

1.10.13rc1

1.10.13

1.10.14rc1

1.10.14rc2

1.10.14rc3

1.10.14rc4

1.10.14

1.10.15rc1

1.10.15

2.*

2.0.0

2.0.1rc1

2.0.1rc2

2.0.1

2.0.2rc1

2.0.2

2.1.0rc1

2.1.0rc2

2.1.0

2.1.1rc1

2.1.1

2.1.2rc1

2.1.2

2.1.3rc1

2.1.3

2.1.4rc1

2.1.4rc2

2.1.4

2.2.0b1

2.2.0b2

2.2.0rc1

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow/PYSEC-2022-11.yaml"