CVE-2023-50783 Information

Description

Apache Airflow versions before 2.8.0 is affected by a vulnerability that allows an authenticated user without the variable edit permission to update a variable. This flaw compromises the integrity of variable management potentially leading to unauthorized data modification. Users are recommended to upgrade to 2.8.0 which fixes this issue

Reference

https://github.com/apache/airflow/pull/33932 https://lists.apache.org/thread/rs7cr3yp726mb89s1m844hy9pq7frgcn http://www.openwall.com/lists/oss-security/2023/12/21/4