Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access.
Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2024-03-14T08:41:03.928Z
Updated: 2024-08-02T00:56:58.123Z
Reserved: 2024-03-08T08:28:25.706Z
Link: CVE-2024-28746
Vulnrichment
Updated: 2024-05-23T19:01:17.939Z
NVD
Status : Awaiting Analysis
Published: 2024-03-14T09:15:47.577
Modified: 2024-05-01T19:15:22.510
Link: CVE-2024-28746
Redhat
No data.