Apache Airflow Improper Access Control vulnerability
Moderate severity
GitHub Reviewed
Published
Dec 21, 2023
to the GitHub Advisory Database
•
Updated Nov 21, 2024
Description
Published by the National Vulnerability Database
Dec 21, 2023
Published to the GitHub Advisory Database
Dec 21, 2023
Reviewed
Dec 21, 2023
Last updated
Nov 21, 2024
Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable.
This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification.
Users are recommended to upgrade to 2.8.0, which fixes this issue.
References