Miggo Logo
Book a Demo
Miggo Vulnerability Database
CVE-2023-42792

CVE-2023-42792:
Apache Airflow vulnerable to privilege escalation

6.5

CVSS Score

Basic Information

CVE ID
CVE-2023-42792
GHSA ID
GHSA-j3w8-2p2h-mrr9
EPSS Score
-
CWE
CWE-668
Published
10/14/2023
Updated
9/3/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
apache-airflowpip< 2.7.22.7.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The core vulnerability stems from missing consistency checks for dag_id parameters across multiple request sources. The GitHub PR #34366 explicitly adds a check_dag_consistency function to validate parameter alignment, indicating these were previously missing. The clear endpoint is specifically called out in vulnerability descriptions as an attack vector for unauthorized DAG clearing. Both the validation function and endpoint handler are directly implicated by the patch and CVE description.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*p**** *ir*low, in v*rsions prior to *.*.*, *ont*ins * s**urity vuln*r**ility t**t *llows *n *ut**nti**t** us*r wit* limit** ****ss to som* ***s, to *r**t * r*qu*st t**t *oul* *iv* t** us*r writ* ****ss to v*rious *** r*sour**s *or ***s t**t t** us*r

Reasoning

T** *or* vuln*r**ility st*ms *rom missin* *onsist*n*y ****ks *or ***_i* p*r*m*t*rs **ross multipl* r*qu*st sour**s. T** *it*u* PR #***** *xpli*itly ***s * ****k_***_*onsist*n*y *un*tion to v*li**t* p*r*m*t*r *li*nm*nt, in*i**tin* t**s* w*r* pr*viousl