
{
"id": "CVE-2023-42780",
"sourceIdentifier": "security@apache.org",
"published": "2023-10-14T10:15:10.303",
"lastModified": "2023-10-14T17:32:28.813",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors.\nUsers of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/apache/airflow/pull/34355",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread/h5tvsvov8j55wojt5sojdprs05oby34d",
"source": "security@apache.org"
}
]
}