{"schema_version": "1.6.1", "id": "CVE-2023-42781", "summary": "Permission verification bypass allows viewing dagruns of other dags", "details": "Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.  This is a different issue than CVE-2023-42663 but leading to similar outcome.\nUsers of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}, {"fixed": "2.7.3"}]}]}], "references": [{"type": "WEB", "url": "https://github.com/apache/airflow/pull/34939"}, {"type": "WEB", "url": "https://lists.apache.org/thread/7dnl8nszdxqyns57f3dw0sloy5dfl9o1"}]}