CVE-2023-42663

Medium

6.5/10

Summary

Apache Airflow, versions prior to 2.7.2rc1, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

References

Advisory
Pull request
Mail Thread

Advisory Timeline

Published Oct 14, 2023

CVE-2023-42663

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS