Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-28746

Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access. Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability

Published

2024-03-14T09:15:47.577

Last Modified

2025-03-20T19:15:28.523

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.1 (HIGH)

Weaknesses

Type: Primary
CWE-281

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	airflow	< 2.8.3	Yes

References

http://www.openwall.com/lists/oss-security/2024/03/13/5 Mailing List, Third Party Advisory ([email protected])
https://github.com/apache/airflow/pull/37881 Patch ([email protected])
https://lists.apache.org/thread/b4pffc7w7do6qgk4jjbyxvdz5odrvny7 Mailing List, Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2024/03/13/5 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/apache/airflow/pull/37881 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread/b4pffc7w7do6qgk4jjbyxvdz5odrvny7 Mailing List, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)