CVE-2023-37379— Apache Airflow: Exposure of sensitive connection information, DOS and SSRF on "test connection" feature

Apache Airflow: Exposure of sensitive connection information, DOS and SSRF on "test connection" feature

Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface.

N/A

未加控制的资源消耗(资源穷尽)

Apache Airflow 代码问题漏洞

Apache Airflow是美国阿帕奇（Apache）基金会的一套用于创建、管理和监控工作流程的开源平台。该平台具有可扩展和动态监控等特点。 Apache Airflow 2.7.0之前版本存在代码问题漏洞。攻击者利用该漏洞导致系统拒绝服务。

N/A

N/A