Rewterz Threat Advisory – CVE-2021-45230 – Apache Airflow Vulnerability

Severity

Medium

Analysis Summary

CVE-2021-45230

Apache Airflow could allow a remote authenticated attacker to bypass security restrictions because of improper permission validation. By sending a specially crafted request, an attacker could exploit this vulnerability to create DAG Runs for DAGs that they don’t have “edit” permissions for.

Impact

  • Security Bypass

Affected Vendors

Apache

Affected Products

  • Apache Airflow 2.0.0
  • Apache Airflow 2.1.0
  • Apache Airflow 1.10.0

Remediation

Upgrade to the latest version of Apache Airflow, available from the Apache website.

https://airflow.apache.org/