{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-27906",
"ASSIGNER": "security@apache.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view, through the API and the UI, the DAG code and import errors of DAGs they do not have permission to view.\n\nUsers of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668 Exposure of Resource to Wrong Sphere",
"cweId": "CWE-668"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apache Software Foundation",
"product": {
"product_data": [
{
"product_name": "Apache Airflow",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "2.8.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/apache/airflow/pull/37290",
"refsource": "MISC",
"name": "https://github.com/apache/airflow/pull/37290"
},
{
"url": "https://github.com/apache/airflow/pull/37468",
"refsource": "MISC",
"name": "https://github.com/apache/airflow/pull/37468"
},
{
"url": "https://lists.apache.org/thread/on4f7t5sqr3vfgp1pvkck79wv7mq9st5",
"refsource": "MISC",
"name": "https://lists.apache.org/thread/on4f7t5sqr3vfgp1pvkck79wv7mq9st5"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/29/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2024/02/29/1"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Alex Liotta"
},
{
"lang": "en",
"value": "Sreenivasulu Suuda"
},
{
"lang": "en",
"value": "vincbeck (Vincent)"
},
{
"lang": "en",
"value": "Jed Cunningham"
}
]
}