漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Apache Airflow Dag Runs Broken Access Control Vulnerability
Vulnerability Description
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability.
CVSS Information
N/A
Vulnerability Type
授权机制不正确
Vulnerability Title
Apache Airflow 安全漏洞
Vulnerability Description
Apache Airflow是美国阿帕奇(Apache)基金会的一套用于创建、管理和监控工作流程的开源平台。该平台具有可扩展和动态监控等特点。 Apache Airflow 2.7.1 之前版本存在安全漏洞,该漏洞源于允许经过身份验证和 DAG 查看授权的用户在提交注释时修改某些 DAG 运行详细信息值,这可能会让他们更改配置参数、开始日期等详细信息。
CVSS Information
N/A
Vulnerability Type
N/A