$540 Bounty: How a Misconfigured Warning Endpoint in Apache Airflow Exposed DAG Secrets
1 min read
Summary
An improper access control vulnerability has been discovered in Apache Airflow which could allow low- privilegd users to view confidential data.
The vulnerability, CVE-2023-42780, has been fixed in version 2.7.2 of the platform.
Security researcher balis0ng reported the vulnerability via the Internet Bug Bounty programme and was awarded $540 for doing so.
The flaw relates to the way in which the Dag Warnings endpoint works in Apache Airflow versions prior to 2.7.2.
While users with less extensive permissions should have only been able to access Dag Warnings for Dags they were authorised to access, balis0ng found that it was possible to view all Dag warnings, including import errors and stack traces.