Improper Privilege Management in apache-airflow
Moderate severity
GitHub Reviewed
Published
Jan 28, 2022
to the GitHub Advisory Database
•
Updated Sep 3, 2024
Description
Published by the National Vulnerability Database
Jan 20, 2022
Reviewed
Jan 27, 2022
Published to the GitHub Advisory Database
Jan 28, 2022
Last updated
Sep 3, 2024
In Apache Airflow prior to 2.2.0. This CVE applies to a specific case where a User who has "can_create" permissions on DAG Runs can create Dag Runs for dags that they don't have "edit" permissions for.
References