CVE-2021-45230

Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Published: 20/01/2022 Updated: 12/07/2022

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

In Apache Airflow before 2.2.0. This CVE applies to a specific case where a User who has "can_create" permissions on DAG Runs can create Dag Runs for dags that they don't have "edit" permissions for.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache airflow

Description: This CVE applies to a specific case where a User who has "can_create" permissions on DAG Runs can create Dag Runs for dags that they don't have "edit" permissions for This is a very low severity CVE and admins can mitigate this issue by removing the global "can_create" permissions on DagRun for Airflow versions >=200,<22 ...

NVD-CWE-noinfo https://lists.apache.org/thread/m778ojn0k595rwco4ht9wjql89mjoxnl https://nvd.nist.gov http://seclists.org/oss-sec/2022/q1/56

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-45230

Vulnerability Summary

Vulnerability Trend

Mailing Lists

References

Vulmon Search

About

Products

Connect