You are viewing a plain text version of this content. The canonical link for it is here.

Posted to announce@apache.org by Ephraim Anierobi <ep...@apache.org> on 2023/12/21 07:05:17 UTC

CVE-2023-50783: Apache Airflow: Improper access control vulnerability on the "varimport" endpoint

Severity: low

Affected versions:

- Apache Airflow before 2.8.0

Description:

Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable.
This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification.
Users are recommended to upgrade to 2.8.0, which fixes this issue

Credit:

balis0ng (finder)
Ephraim Anierobi (remediation developer)

References:

https://github.com/apache/airflow/pull/33932
https://airflow.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-50783