CVE-2023-42780

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Oct 14, 2023

Updated: Oct 18, 2023

CWE ID 200

Summary

CVE-2023-42780 is a security vulnerability affecting Apache Airflow versions prior to 2.7.2. This issue allows authenticated users to view warnings for all DAGs, even if they lacked permission to access those specific DAGs. The disclosure of this information includes dag_ids and stack-traces of import errors for affected DAGs. To mitigate this risk, Apache Airflow users are urged to upgrade to version 2.7.2 or a newer release. This vulnerability could potentially expose sensitive information and impact data security.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Apache Airflow

Affected Vendors

Apache Software Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sroboO
https://www.cve.org/CVERecord?id=CVE-2023-42780
https://nvd.nist.gov/vuln/detail/CVE-2023-42780

Back to Vulnerability Database