PYSEC-2023-232

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow/PYSEC-2023-232.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2023-232

Aliases

Published

2023-11-12T14:15:00Z

Modified

2023-11-21T08:11:36.286297Z

Summary

[none]

Details

We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then.

Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.

Users should upgrade to version 2.7.3 or later which has removed the vulnerability.

References

Affected packages

PyPI / apache-airflow

Package

Name: apache-airflow; View open source insights on deps.dev
Purl: pkg:pypi/apache-airflow

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.7.3

Affected versions

1.*

1.8.1

1.8.2rc1

1.8.2

1.9.0

1.10.0

1.10.1b1

1.10.1rc2

1.10.1

1.10.2b2

1.10.2rc1

1.10.2rc2

1.10.2rc3

1.10.2

1.10.3b1

1.10.3b2

1.10.3rc1

1.10.3rc2

1.10.3

1.10.4b2

1.10.4rc1

1.10.4rc2

1.10.4rc3

1.10.4rc4

1.10.4rc5

1.10.4

1.10.5rc1

1.10.5

1.10.6rc1

1.10.6rc2

1.10.6

1.10.7rc1

1.10.7rc2

1.10.7rc3

1.10.7

1.10.8rc1

1.10.8

1.10.9rc1

1.10.9

1.10.10rc1

1.10.10rc2

1.10.10rc3

1.10.10rc4

1.10.10rc5

1.10.10

1.10.11rc1

1.10.11rc2

1.10.11

1.10.12rc1

1.10.12rc2

1.10.12rc3

1.10.12rc4

1.10.12

1.10.13rc1

1.10.13

1.10.14rc1

1.10.14rc2

1.10.14rc3

1.10.14rc4

1.10.14

1.10.15rc1

1.10.15

2.*

2.0.0b1

2.0.0b2

2.0.0b3

2.0.0rc1

2.0.0rc2

2.0.0rc3

2.0.0

2.0.1rc1

2.0.1rc2

2.0.1

2.0.2rc1

2.0.2

2.1.0rc1

2.1.0rc2

2.1.0

2.1.1rc1

2.1.1

2.1.2rc1

2.1.2

2.1.3rc1

2.1.3

2.1.4rc1

2.1.4rc2

2.1.4

2.2.0b1

2.2.0b2

2.2.0rc1

2.2.0

2.2.1rc1

2.2.1rc2

2.2.1

2.2.2rc1

2.2.2rc2

2.2.2

2.2.3rc1

2.2.3rc2

2.2.3

2.2.4rc1

2.2.4

2.2.5rc1

2.2.5rc2

2.2.5rc3

2.2.5

2.3.0b1

2.3.0rc1

2.3.0rc2

2.3.0

2.3.1rc1

2.3.1

2.3.2rc1

2.3.2rc2

2.3.2

2.3.3rc1

2.3.3rc2

2.3.3rc3

2.3.3

2.3.4rc1

2.3.4

2.4.0b1

2.4.0rc1

2.4.0

2.4.1rc1

2.4.1

2.4.2rc1

2.4.2

2.4.3rc1

2.4.3

2.5.0rc1

2.5.0rc2

2.5.0rc3

2.5.0

2.5.1rc1

2.5.1rc2

2.5.1

2.5.2rc1

2.5.2rc2

2.5.2

2.5.3rc1

2.5.3rc2

2.5.3

2.6.0b1

2.6.0rc1

2.6.0rc2

2.6.0rc3

2.6.0rc4

2.6.0rc5

2.6.0

2.6.1rc1

2.6.1rc2

2.6.1rc3

2.6.1

2.6.2rc1

2.6.2rc2

2.6.2

2.6.3rc1

2.6.3

2.7.0b1

2.7.0rc1

2.7.0rc2

2.7.0

2.7.1rc1

2.7.1rc2

2.7.1

2.7.2rc1

2.7.2

2.7.3rc1