CVE-2024-28746

Published Mar 14, 2024

Last updated 10 days ago

CVSS high 8.1

Overview

Description: Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access. Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability
Source: security@apache.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.1
Impact score: 5.2
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Severity: HIGH

Weaknesses

security@apache.org: CWE-281

Hype score: Not currently trending

🟠 Apache Airflow, Ignored Airflow Permissions (#CVE-2024-28746 - Moderate) https://t.co/ju3kwi4FiZ
@dailycve
11 Dec 2024
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53B425B5-D83E-4A41-85DF-51DFCFD935E9",
            "versionEndExcluding": "2.8.3",
            "versionStartIncluding": "2.8.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References