QwikSec

Security Database

CVE

CWE

Training

CVE-2024-28746

Published: Mar 14, 2024

Modified: Mar 20, 2025

PUBLISHED

Description

Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access. Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability

Vendor	Product	Versions
Apache Software Foundation	Apache Airflow	affected `2.8.0 - < 2.8.3`

Weaknesses (CWE)

References

https://github.com/apache/airflow/pull/37881

patch

https://lists.apache.org/thread/b4pffc7w7do6qgk4jjbyxvdz5odrvny7

vendor-advisory

http://www.openwall.com/lists/oss-security/2024/03/13/5

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.