Skip to main content
CVE-2023-42781 MEDIUM PATCH This Month

Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure Airflow
NVD GitHub
CVSS 3.1
6.5
EPSS
1.7%
CVE-2023-28694 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Wbcom Designs Wbcom Designs - BuddyPress Activity Social Share plugin <= 3.5.0 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Buddypress Activity Social Share
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-47037 MEDIUM PATCH This Month

We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Apache Authentication Bypass Airflow
NVD GitHub
CVSS 3.1
4.3
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy