Exposure of Resource to Wrong Sphere

CVE-2023-42792

Medium

6.5/10

Summary

Apache Airflow contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References

Advisory
Pull request
Mail Thread

Advisory Timeline

Published Oct 14, 2023

Exposure of Resource to Wrong Sphere

CVE-2023-42792

Summary

CWE-668 - Exposure of Resource to Wrong Sphere

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS