CVE-2023-50944 Vulnerability Details

  /     /     /  

CVE-2023-50944 Metadata Quick Info

CVE Published: 24/01/2024 | CVE Updated: 12/09/2024 | CVE Year: 2023
Source: apache | Vendor: Apache Software Foundation | Product: Apache Airflow
Status : PUBLISHED

---

CVE-2023-50944 Description

Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don\'t have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-862
CWE Name: CWE-862 Missing Authorization
Source: Apache Software Foundation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).