
List:       oss-security
Subject:    [oss-security] CVE-2023-50783: Apache Airflow: Improper access control vu
From:       Ephraim Anierobi <ephraimanierobi () apache ! org>
Date:       2023-12-21 7:05:17
Message-ID: 168cd715-c39b-aadc-0bb0-9bda2b06da0a () apache ! org

Severity: low

Affected versions:

- Apache Airflow before 2.8.0

Description:

Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an
authenticated user without the variable edit permission to update a variable. This flaw
compromises the integrity of variable management, potentially leading to unauthorized data
modification. Users are recommended to upgrade to 2.8.0, which fixes this issue.

Credit:

balis0ng (finder)
Ephraim Anierobi (remediation developer)

References:

https://github.com/apache/airflow/pull/33932
https://airflow.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-50783

