Vulnerability Database

296,317

Total vulnerabilities in the database

CVE-2021-45230

In Apache Airflow prior to 2.2.0. This CVE applies to a specific case where a User who has "can_create" permissions on DAG Runs can create Dag Runs for dags that they don't have "edit" permissions for.

Published: Jan 20, 2022
Updated: May 9, 2024
CVE: CVE-2021-45230
GHSA: GHSA-4jh2-3c85-q67h
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:P/A:N

CWEs:

CWE-269

Affected Software
References

Software	From	Fixed in
apache / airflow	1.10.0	1.10.15.x
apache / airflow	2.0.0	2.2.0
apache-airflow	-	2.2.0

https://lists.apache.org/thread/m778ojn0k595rwco4ht9wjql89mjoxnl