CVE-2023-42781 Information

Description

Apache Airflow versions before 2.7.3 has a vulnerability that allows an authorized user who has access to read specific DAGs only to read information about task instances in other DAGs.  This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability.

Reference

https://github.com/apache/airflow/pull/34939 https://lists.apache.org/thread/7dnl8nszdxqyns57f3dw0sloy5dfl9o1 http://www.openwall.com/lists/oss-security/2023/11/12/2