CVE-2024-27906

MEDIUM Year: 2024
CVSS v3 Score
5.9
Medium
Weakness Type
CWE-862
View all →

Vulnerability Description

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability

Related Vulnerabilities

CVE-2017-7677

MEDIUM
CVSS:5.9(Medium)

In environments that use external location for hive tables, Hive Authorizer in Apache Ranger before 0.7.1 should be checking RWX permission for create table.

CWE-8622017

CVE-2019-0201

MEDIUM
CVSS:5.9(Medium)

An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and retur...

CWE-8622019

CVE-2020-4175

MEDIUM
CVSS:5.9(Medium)

IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit t...

CWE-8622020

CVE-2020-4413

MEDIUM
CVSS:5.9(Medium)

IBM Security Secret Server 10.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this v...

CWE-8622020

CVE-2020-4783

MEDIUM
CVSS:5.9(Medium)

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker coul...

CWE-8622020

CVE-2020-4841

MEDIUM
CVSS:5.9(Medium)

IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this v...

CWE-8622020