Nixpkgs security tracker
Untriaged
Permalink
CVE-2024-28746
8.1 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): NONE
Apache Airflow: Ignored Airflow Permissions
Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access. Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability
References
-
https://lists.apache.org/thread/b4pffc7w7do6qgk4jjbyxvdz5odrvny7 vendor-advisory
-
-
-
http://www.openwall.com/lists/oss-security/2024/03/13/5 x_transferred
-
https://lists.apache.org/thread/b4pffc7w7do6qgk4jjbyxvdz5odrvny7 vendor-advisory
-
https://lists.apache.org/thread/b4pffc7w7do6qgk4jjbyxvdz5odrvny7 vendor-advisory
-
https://lists.apache.org/thread/b4pffc7w7do6qgk4jjbyxvdz5odrvny7 vendor-advisory
-
-
-
http://www.openwall.com/lists/oss-security/2024/03/13/5 x_transferred
-
https://lists.apache.org/thread/b4pffc7w7do6qgk4jjbyxvdz5odrvny7 vendor-advisory
-
-
-
http://www.openwall.com/lists/oss-security/2024/03/13/5 x_transferred
-
https://lists.apache.org/thread/b4pffc7w7do6qgk4jjbyxvdz5odrvny7 vendor-advisory
-
-
-
http://www.openwall.com/lists/oss-security/2024/03/13/5 x_transferred
Affected products
apache-airflow
- <2.8.3
Matching in nixpkgs
pkgs.apache-airflow
Programmatically author, schedule and monitor data pipelines
Package maintainers
-
@ingenieroariel Ariel Nunez <ariel@nunez.co>
-
@gbpdt Graham Bennett <nix@pdtpartners.com>
-
@bhipple Benjamin Hipple <bhipple@protonmail.com>