Severity: low Affected versions:
- Apache Airflow before 2.8.0 Description: Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. Users are recommended to upgrade to 2.8.0, which fixes this issue Credit: balis0ng (finder) Ephraim Anierobi (remediation developer) References: https://github.com/apache/airflow/pull/33932 https://airflow.apache.org/ https://www.cve.org/CVERecord?id=CVE-2023-50783 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@airflow.apache.org For additional commands, e-mail: users-h...@airflow.apache.org
