Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1oNTc0LTY2NDYtdmZ4eM4AA6AB
Apache Airflow: Ignored Airflow Permission
Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access.
Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability
Permalink: https://github.com/advisories/GHSA-h574-6646-vfxxJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oNTc0LTY2NDYtdmZ4eM4AA6AB
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 months ago
Updated: about 2 months ago
Identifiers: GHSA-h574-6646-vfxx, CVE-2024-28746
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-28746
- https://github.com/apache/airflow/pull/37881
- https://lists.apache.org/thread/b4pffc7w7do6qgk4jjbyxvdz5odrvny7
- https://github.com/apache/airflow/commit/89e7f3e7bdf2126bbbcd959dc10d65ef92773cca
- https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-46.yaml
- https://github.com/advisories/GHSA-h574-6646-vfxx
Blast Radius: 0.0
Affected Packages
pypi:apache-airflow
Dependent packages: 265Dependent repositories: 1,554
Downloads: 23,907,809 last month
Affected Version Ranges: >= 2.8.0, < 2.8.3rc1
Fixed in: 2.8.3rc1
All affected versions: 2.8.0, 2.8.1, 2.8.2
All unaffected versions: 1.8.1, 1.8.2, 1.9.0, 1.10.0, 1.10.1, 1.10.2, 1.10.3, 1.10.4, 1.10.5, 1.10.6, 1.10.7, 1.10.8, 1.10.9, 1.10.10, 1.10.11, 1.10.12, 1.10.13, 1.10.14, 1.10.15, 2.0.0, 2.0.1, 2.0.2, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.8.3, 2.8.4, 2.9.0