CSRF Bypass Vulnerability in Apache Airflow 2.7.0 - 2.7.3

CSRF Bypass Vulnerability in Apache Airflow 2.7.0 - 2.7.3

CVE-2023-49920 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that allows an attacker to trigger a DAG in a GET request without CSRF validation. As a result, it was possible for a malicious website opened in the same browser - by the user who also had Airflow UI opened - to trigger the execution of DAGs without the user's consent. Users are advised to upgrade to version 2.8.0 or later which is not affected

Learn more about our Web App Pen Testing.