CVE-2023-42663

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Oct 14, 2023

Updated: Jan 12, 2024

CWE ID 200

Summary

CVE-2023-42663 is a newly discovered vulnerability in Apache Airflow versions prior to 2.7.2. This issue grants authorized users, who have access to read certain DAGs, the ability to view information about task instances in other unrelated DAGs. This cross- DAG information disclosure poses a potential security risk. To mitigate this vulnerability, it is recommended that Apache Airflow users upgrade to version 2.7.2 or newer as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Apache Airflow

Affected Vendors

Apache Software Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/squWO2
https://www.cve.org/CVERecord?id=CVE-2023-42663
https://nvd.nist.gov/vuln/detail/CVE-2023-42663

Back to Vulnerability Database