How severe is CVE-2024-26280?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.7 out of 10.

What type of vulnerability is CVE-2024-26280?

This is classified as CWE-276, which is a common weakness in software security.

CVE-2024-26280 - MEDIUM Severity | CVSS 4.7

Vulnerability Description

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability

Related Vulnerabilities

CVE-2024-26302

MEDIUM

CVSS:4.8(Medium)

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit ...

CWE-2762024

CVE-2013-4763

MEDIUM

CVSS:4.6(Medium)

Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission.

CWE-2762013

CVE-2022-20465

MEDIUM

CVSS:4.6(Medium)

In dismiss and related functions of KeyguardHostViewController.java and related files, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of pr...

CWE-2762022

CVE-2024-40514

MEDIUM

CVSS:4.6(Medium)

Insecure Permissions vulnerability in themesebrand Chatvia v.5.3.2 allows a remote attacker to escalate privileges via the User profile name and image upload functions.

CWE-2762024

CVE-2018-9085

MEDIUM

CVSS:4.9(Medium)

A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flas...

CWE-2762018

CVE-2020-24402

MEDIUM

CVSS:4.9(Medium)

Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Integrations component. This vulnerability could be abused by authenticated users with per...

CWE-2762020