=====================================================================

                              CERT-Renater

                    Note d'Information No. 2023/VULN308

_____________________________________________________________________

DATE                : 12/09/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Airflow versions prior
                                    to 2.7.1.

=====================================================================
https://lists.apache.org/thread/jw1yv4lt6hpowqbb0x4o3tdp0jhx2bts
https://lists.apache.org/thread/8y9xk1s3j4qr36yzqn8ogbn9fl7pxrn0
_____________________________________________________________________

CVE-2023-40712: Apache Airflow: Secrets can be unmasked in the
"Rendered Template"

Severity: moderate

Affected versions:

- Apache Airflow before 2.7.1

Description:

Apache Airflow, versions before 2.7.1, is affected by a vulnerability
that allows authenticated users who have access to see the task/dag in
the UI, to craft a URL, which could lead to unmasking the secret
configuration of the task that otherwise would be masked in the UI.

Users are strongly advised to upgrade to version 2.7.1 or later which
has removed the vulnerability.


Credit:

klexadoc (finder)


References:

https://github.com/apache/airflow/pull/33512
https://github.com/apache/airflow/pull/33516
https://airflow.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-40712

_____________________________________________________________________

CVE-2023-40611: Apache Airflow Dag Runs Broken Access Control
Vulnerability

Severity: low

Affected versions:

- Apache Airflow before 2.7.1

Description:

Apache Airflow, versions before 2.7.1, is affected by a vulnerability
that allows authenticated and DAG-view authorized Users to modify
some DAG run detail values when submitting notes. This could have
them alter details such as configuration parameters, start date, etc.

Users should upgrade to version 2.7.1 or later which has removed the
vulnerability.


Credit:

happyhacking (finder)


References:

https://github.com/apache/airflow/pull/33413
https://airflow.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-40611

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================