Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2023-49920

Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that allows an attacker to trigger a DAG in a GET request without CSRF validation. As a result, it was possible for a malicious website opened in the same browser - by the user who also had Airflow UI opened - to trigger the execution of DAGs without the user's consent. Users are advised to upgrade to version 2.8.0 or later which is not affected
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.2%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2023-49920
  • Apache » Airflow » Version: 2.7.0
    cpe:2.3:a:apache:airflow:2.7.0
  • Apache » Airflow » Version: 2.7.1
    cpe:2.3:a:apache:airflow:2.7.1
  • Apache » Airflow » Version: 2.7.2
    cpe:2.3:a:apache:airflow:2.7.2
  • Apache » Airflow » Version: 2.7.3
    cpe:2.3:a:apache:airflow:2.7.3


Products
Pricing
Contact Us

Shodan ® - All rights reserved