Rewterz Threat Alert – New Open-Source Xeno RAT Emerges on GitHub as Severe Threat – Active IOCs
March 1, 2024Rewterz Threat Alert – Russia-Linked APT28 Launches Stealthy Attacks Using Compromised Ubiquiti Routers – Active IOCs
March 3, 2024Rewterz Threat Alert – New Open-Source Xeno RAT Emerges on GitHub as Severe Threat – Active IOCs
March 1, 2024Rewterz Threat Alert – Russia-Linked APT28 Launches Stealthy Attacks Using Compromised Ubiquiti Routers – Active IOCs
March 3, 2024Severity
Medium
Analysis Summary
CVE-2024-27906
Apache Airflow could allow a remote authenticated attacker to obtain sensitive information, caused by improper permission validation. By sending a specially crafted request, an attacker could exploit this vulnerability to view DAG code and import errors of DAGs, and use this information to launch further attacks against the affected system.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2024-27906
Affected Vendors
Apache
Affected Products
- Apache Airflow 2.8.1
Remediation
Upgrade to the latest version of Apache Airflow, available from the Apache Website.