Home > Vulnerability Database > CVE-2023-50944

Mend.io Vulnerability Database

CVE-2023-50944

Good to know:

Date: January 24, 2024

Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue.

Language: Python

Severity Score

6.5

Related Resources (8)

Url: https://github.com/apache/airflow/pull/36257

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-50944

Url: https://lists.apache.org/thread/92krb5mpcq8qrw4t4j5oooqw7hgd8q7h

Url: https://github.com/apache/airflow

Url: http://www.openwall.com/lists/oss-security/2024/01/24/5

Url: https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-14.yaml

Url: https://github.com/apache/airflow/commit/8d76538d6e105947272b000581c6fabec20146b1

Url: https://www.mend.io/vulnerability-database/CVE-2023-50944

Severity Score

6.5

Weakness Type (CWE)

Missing Authorization

CWE-862

Top Fix

Upgrade Version

Upgrade to version apache-airflow - 2.8.1

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-50944

Good to know:

Date: January 24, 2024

Language: Python

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?