CVE-2023-42663
published 2023-10-14CVE-2023-42663: Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about…
medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.
Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | airflow | < 2.7.3 | 2.7.3 |
| apache | airflow | < 2.7.2 | 2.7.2 |
| apache_software_foundation | apache_airflow | < 2.7.3 | 2.7.3 |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
ghsa6.5MEDIUM
osv6.5MEDIUM