CVE-2023-37379

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Aug 23, 2023
Updated: Aug 29, 2023
CWE ID 918
CWE ID 400
CWE ID 200

Summary

CVE-2023-37379 is a security vulnerability affecting Apache Airflow versions before 2.7.0. This issue enables authenticated users with Connection edit privileges to access sensitive connection information and exploit the test connection feature through excessive usage. The result is a denial of service (DoS) condition on the server, and malicious actors can potentially establish harmful connections. It is strongly recommended that Apache Airflow users upgrade to version 2.7.0 or later to eliminate the risk. Administrators should also consider revising user permissions to minimize access to sensitive functionalities.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Apache Airflow

Affected Vendors

  • Apache Software Foundation