CVE-2023-50944

CVE-2023-50944: Apache Airflow: Bypass permission verification to read code of other dags

Vendor Apache Software Foundation

Product Apache Airflow

Weakness CWE-862 · Missing authorization

Published January 24, 2024

Last update June 11, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue.

Key dates

Disclosure timeline

January 24, 2024 CVE published

June 11, 2025 Record updated