CVE-2021-45230

CVE-2021-45230: Apache Airflow: Creating DagRuns didn't respect Dag-level permissions in the Webserver

Vendor Apache Software Foundation

Product Apache Airflow

Published January 20, 2022

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

In Apache Airflow prior to 2.2.0. This CVE applies to a specific case where a User who has "can_create" permissions on DAG Runs can create Dag Runs for dags that they don't have "edit" permissions for.

Key dates

Disclosure timeline

January 20, 2022 CVE published

August 4, 2024 Record updated

Identifiers

CVE CVE-2021-45230

Affected versions

Vendor Apache Software Foundation

Product Apache Airflow

Affected Apache Airflow 1.10 1.10.0 to 1.10.15

Vendor Apache Software Foundation

Product Apache Airflow

Affected ≥ Apache Airflow 2 and < 2.2.0