CVE-2024-27906
CVE-2024-27906 is a medium-severity vulnerability rated 5.9/10 on the CVSS scale. Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. EPSS estimates a 0.34% chance of exploitation in the next 30 days.
Description
Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Airflow | < 2.8.2 |
References
- https://github.com/apache/airflow/pull/37290 (Broken Link)
- https://github.com/apache/airflow/pull/37468 (Issue Tracking)
- https://lists.apache.org/thread/on4f7t5sqr3vfgp1pvkck79wv7mq9st5 (Mailing List, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
