CVE-2023-42781

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 12, 2023

Updated: Nov 20, 2023

CWE ID 200

Summary

CVE-2023-42781 is a newly disclosed vulnerability in Apache Airflow versions before 2.7.3. This issue grants authorized users, who have access to read specific DAGs, the ability to view information on task instances from other unrelated DAGs. Although this issue differs from CVE-2023-42663, it results in similar privacy concerns. To minimize the risk, it is recommended that Apache Airflow users upgrade to version 2.7.3 or later.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Apache Airflow

Affected Vendors

Apache Software Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/srqAJX
https://www.cve.org/CVERecord?id=CVE-2023-42781
https://nvd.nist.gov/vuln/detail/CVE-2023-42781

Back to Vulnerability Database