CVE-2023-35908

Apache Airflow: Access to DAGs without relevant permission

EPSS 0.8%CWE-863

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

12 Jul 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected

Affected products

Apache Software Foundation · Apache Airflow

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/apache/airflow/pull/32014 https://lists.apache.org/thread/vsflptk5dt30vrfggn96nx87d7zr6yvw