CVE-2023-47037

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Nov 12, 2023

Updated: Nov 20, 2023

CWE ID 863

Summary

CVE-2023-47037: A newly discovered vulnerability affects Apache Airflow versions before 2.7.3. Authenticated and DAG-view authorized users can alter some DAG run detail values when submitting notes, potentially changing configuration parameters and start dates. This issue was previously marked as fixed in CVE-2023-40611, but it was not fully addressed. Airflow users are advised to upgrade to version 2.7.3 or later to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Apache Airflow

Affected Vendors

Apache Software Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tNA2y7
https://www.cve.org/CVERecord?id=CVE-2023-47037
https://nvd.nist.gov/vuln/detail/CVE-2023-47037

Back to Vulnerability Database