CVE-2024-28746
Apache Airflow: Ignored Airflow Permissions
Public Exploits: 0
Exploited in Wild: -
Descriptions
Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc., from the UI which they do not have permission to access.
Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability.
SSVC
- Decision:Track
Timeline
- 2024-03-08 CVE Reserved
- 2024-03-14 CVE Published
- 2024-05-02 EPSS Updated
- 2024-08-02 CVE Updated
- Exploited in Wild: (no date)
- KEV Due Date: (no date)
- First Exploit: (no date)
CWE
- CWE-281: Improper Preservation of Permissions
References (3)
URL | Date | Source
---|---|---
http://www.openwall.com/lists/oss-security/2024/03/13/5 | |
https://github.com/apache/airflow/pull/37881 | 2024-05-01 |
https://lists.apache.org/thread/b4pffc7w7do6qgk4jjbyxvdz5odrvny7 | 2024-05-01 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Status
---|---|---|---
Apache Software Foundation | Apache Airflow | >= 2.8.0 < 2.8.3 | Affected