6.5
CVE-2023-50783
- EPSS 1.39%
- Veröffentlicht 21.12.2023 10:15:36
- Zuletzt bearbeitet 21.11.2024 08:37:18
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
Apache Airflow: Improper access control vulnerability on the "varimport" endpoint
Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. Users are recommended to upgrade to 2.8.0, which fixes this issue
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.39% | 0.688 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
http://www.openwall.com/lists/oss-security/2023/12/21/4
https://github.com/apache/airflow/pull/33932
https://lists.apache.org/thread/rs7cr3yp726mb89s1m844hy9pq7frgcn