CVE-2023-37379
CVSS 3.1 Score 8.1 of 10 (high)
Details
Summary
CVE-2023-37379 is a security vulnerability affecting Apache Airflow versions before 2.7.0. This issue enables authenticated users with Connection edit privileges to access sensitive connection information and exploit the test connection feature through excessive usage. The result is a denial of service (DoS) condition on the server, and malicious actors can potentially establish harmful connections. It is strongly recommended that Apache Airflow users upgrade to version 2.7.0 or later to eliminate the risk. Administrators should also consider revising user permissions to minimize access to sensitive functionalities.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Apache Airflow
Affected Vendors
- Apache Software Foundation