CVE-2023-37379

Name: CVE-2023-37379
Creator: NVD / NIST
Published: 2023-08-23T16:15:09.33+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.1/10EPSS 1.49%

Last modified Jun 17, 2026

CVE-2023-37379 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. EPSS estimates a 1.49% chance of exploitation in the next 30 days.

Description

Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface.

Metrics

CVSS 3.1

8.1/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

EPSS Probability

1.49%

70.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Apache	Airflow	< 2.7.0

References

http://www.openwall.com/lists/oss-security/2023/08/23/4Mailing List, Third Party Advisory
https://github.com/apache/airflow/pull/32052Patch
https://lists.apache.org/thread/g5c9vcn27lr14go48thrjpo6f4vw571rVendor Advisory
http://www.openwall.com/lists/oss-security/2023/08/23/4Mailing List, Third Party Advisory
https://github.com/apache/airflow/pull/32052Patch
https://lists.apache.org/thread/g5c9vcn27lr14go48thrjpo6f4vw571rVendor Advisory

Timeline

Published: Aug 23, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-37379?

How severe is CVE-2023-37379?

CVE-2023-37379 has a CVSS score of 8.1/10 (HIGH severity). The EPSS model estimates a 1.49% probability of exploitation in the next 30 days.

How do I fix CVE-2023-37379?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-37379?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST