Apache Airflow <=2.8.0 Variable Edit Bypass by Authenticated User
CVE-2023-50783 Published on December 21, 2023

Apache Airflow: Improper access control vulnerability on the "varimport" endpoint
Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. Users are recommended to upgrade to 2.8.0, which fixes this issue.

Weakness Type

What is an Authorization Vulnerability?

The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVE-2023-50783 has been classified as an Authorization vulnerability or weakness.


Products Associated with CVE-2023-50783

Affected Versions

Apache Software Foundation Apache Airflow:

Exploit Probability

EPSS: 0.04%
Percentile: 12.49%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.