x/vulndb: potential Go vuln in github.com/apache/airflow: CVE-2024-26280 #2596
Assignees
Labels
excluded: NOT_GO_CODE
This vulnerability does not refer to a Go module.
Comments
jba
added
the
excluded: NOT_GO_CODE
|
Change https://go.dev/cl/569495 mentions this issue: |
This was referenced Apr 3, 2024
This was referenced Apr 18, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2024-26280 references github.com/apache/airflow, which may be a Go module.
Description:
Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default.
Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability
References:
Cross references:
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: