CVE-2023-47037

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
12/11/2023
Last modified:
13/02/2025

Description

We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then. <br /> <br /> Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. <br /> <br /> Users should upgrade to version 2.7.3 or later which has removed the vulnerability.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:* 2.7.3 (excluding)