CVSS 3.1 Score 8.8 of 10 (high)


Published Aug 5, 2023
Updated: Aug 9, 2023
CWE ID 250
CWE ID 200


CVE-2023-39508 is a vulnerability that affects Apache Airflow versions before 2.6.0. The vulnerability, known as "Execution with Unnecessary Privileges" and "Exposure of Sensitive Information to an Unauthorized Actor," allows authenticated users to bypass certain restrictions in the software. This bypass enables the execution of code in the webserver context and allows access to restricted DAGs. The feature responsible for this issue, called "Run Task," has been completely removed in Airflow 2.6.0 due to its dangerous nature. The vulnerability has a base severity rating of HIGH according to NIST, with potential impacts including unauthorized access to sensitive information and compromised system integrity. Organizations using affected versions of Apache Airflow should update to version 2.6.0 or later to remediate this vulnerability and mitigate potential risks.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-39508 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options