Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1oNTc0LTY2NDYtdmZ4eM4AA6AB

Apache Airflow: Ignored Airflow Permission

Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access. 

Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability

Permalink: https://github.com/advisories/GHSA-h574-6646-vfxx
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oNTc0LTY2NDYtdmZ4eM4AA6AB
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 month ago
Updated: about 1 month ago


Identifiers: GHSA-h574-6646-vfxx, CVE-2024-28746
References: Repository: https://github.com/apache/airflow
Blast Radius: 0.0

Affected Packages

pypi:apache-airflow
Dependent packages: 265
Dependent repositories: 1,554
Downloads: 24,276,743 last month
Affected Version Ranges: >= 2.8.0, < 2.8.3rc1
Fixed in: 2.8.3rc1
All affected versions: 2.8.0, 2.8.1, 2.8.2
All unaffected versions: 1.8.1, 1.8.2, 1.9.0, 1.10.0, 1.10.1, 1.10.2, 1.10.3, 1.10.4, 1.10.5, 1.10.6, 1.10.7, 1.10.8, 1.10.9, 1.10.10, 1.10.11, 1.10.12, 1.10.13, 1.10.14, 1.10.15, 2.0.0, 2.0.1, 2.0.2, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.8.3, 2.8.4, 2.9.0