An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1yN3g2LXhmY20tM214ds4AA3Cw

Apache Airflow vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.  This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 16 days ago
Updated: 8 days ago

CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-r7x6-xfcm-3mxv, CVE-2023-42781

Affected Packages

Versions: < 2.7.3
Fixed in: 2.7.3