Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-27906

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability

Published

2024-02-29T11:15:08.920

Last Modified

2025-05-06T14:15:34.383

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

Weaknesses

Type: Primary
CWE-862
Type: Secondary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	airflow	< 2.8.2	Yes

References

https://github.com/apache/airflow/pull/37290 Broken Link ([email protected])
https://github.com/apache/airflow/pull/37468 Issue Tracking ([email protected])
https://lists.apache.org/thread/on4f7t5sqr3vfgp1pvkck79wv7mq9st5 Mailing List, Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2024/02/29/1 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/apache/airflow/pull/37290 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/apache/airflow/pull/37468 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread/on4f7t5sqr3vfgp1pvkck79wv7mq9st5 Mailing List, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)