Rewterz Threat Advisory – Multiple Google Chrome Vulnerabilities
January 20, 2022Rewterz Threat Advisory – Multiple Oracle Vulnerabilities
January 20, 2022Rewterz Threat Advisory – Multiple Google Chrome Vulnerabilities
January 20, 2022Rewterz Threat Advisory – Multiple Oracle Vulnerabilities
January 20, 2022Severity
Medium
Analysis Summary
CVE-2021-45230
Apache Airflow could allow a remote authenticated attacker to bypass security restrictions, caused by improper permission validation. By sending a specially-crafted request, an attacker could exploit this vulnerability to create Dag Runs for dags that they don’t have “edit” permissions for.
Impact
- Security Bypass
Affected Vendors
Apache
Affected Products
- Apache Airflow 2.0.0
- Apache Airflow 2.1.0
- Apache Airflow 1.10.0
Remediation
Upgrade to the latest version of Apache Airflow, available from the Apache Web site.