Exposure of Resource to Wrong Sphere

CVE-2024-27906

Severity Medium
Score 5.7/10

Summary

Versions of the apache-airflow package prior to 2.8.2rc2 contain a vulnerability that allows authenticated users to view, through the API and the UI, the DAG code and import errors of DAGs that they do not have permission to view. Users of Apache Airflow are recommended to upgrade to a fixed version or newer to mitigate the risk associated with this vulnerability.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • REQUIRED
  • LOW
  • HIGH
  • NONE

CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

Advisory Timeline

  • Published