CVE-2023-35908

CVE-2023-35908: Apache Airflow: Access to DAGs without relevant permission

Vendor Apache Software Foundation

Product Apache Airflow

Weakness CWE-863 · Incorrect authorization

Published July 12, 2023

Last update October 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected

Key dates

Disclosure timeline

July 12, 2023 CVE published

October 4, 2024 Record updated