cvelistv5 - cve-2023-47037

CVE-2023-47037 (GCVE-0-2023-47037)

Vulnerability from cvelistv5 – Published: 2023-11-12 13:12 – Updated: 2025-02-13 17:14

Summary

We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then. Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability.

Severity ?

No CVSS data available.

CWE

CWE-863 - Incorrect Authorization

Assigner

apache

References

URL

Tags

	https://github.com/apache/airflow/pull/33413	patch
	https://lists.apache.org/thread/04y4vrw1t2xl030gs…	vendor-advisory
	http://www.openwall.com/lists/oss-security/2023/11/12/1

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache Airflow	Affected: 0 , < 2.7.3 (semver)

Credits

Tareq Ahamed from Hackerone Augusto Hidalgo

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:01:22.230Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/apache/airflow/pull/33413"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/11/12/1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-47037",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-03T15:19:46.132761Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-03T15:23:17.353Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pypi.python.org",
          "defaultStatus": "unaffected",
          "packageName": "apache-airflow",
          "product": "Apache Airflow",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "2.7.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Tareq Ahamed from Hackerone"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Augusto Hidalgo"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWe failed to apply\u0026nbsp;CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eApache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUsers should upgrade to version 2.7.3 or later which has removed the vulnerability.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "We failed to apply\u00a0CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then.\u00a0\n\nApache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.\u00a0\n\nUsers should upgrade to version 2.7.3 or later which has removed the vulnerability."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-12T13:15:08.897Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/apache/airflow/pull/33413"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2023/11/12/1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Airflow missing fix for CVE-2023-40611 in 2.7.1 (DAG run broken access)",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-47037",
    "datePublished": "2023-11-12T13:12:23.137Z",
    "dateReserved": "2023-10-30T10:10:48.025Z",
    "dateUpdated": "2025-02-13T17:14:45.806Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.7.3\", \"matchCriteriaId\": \"D8DE0419-3A7A-4E73-A896-096554A71E34\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"We failed to apply\\u00a0CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then.\\u00a0\\n\\nApache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.\\u00a0\\n\\nUsers should upgrade to version 2.7.3 or later which has removed the vulnerability.\\n\\n\"}, {\"lang\": \"es\", \"value\": \"No pudimos aplicar CVE-2023-40611 en 2.7.1 y esta vulnerabilidad se marc\\u00f3 como solucionada en ese momento. Apache Airflow, versiones anteriores a 2.7.3, se ve afectada por una vulnerabilidad que permite a los usuarios autenticados y autorizados para ver DAG modificar algunos valores de detalles de ejecuci\\u00f3n de DAG al enviar notas. Esto podr\\u00eda hacer que alteren detalles como los par\\u00e1metros de configuraci\\u00f3n, la fecha de inicio, etc. Los usuarios deben actualizar a la versi\\u00f3n 2.7.3 o posterior, que ha eliminado la vulnerabilidad.\"}]",
      "id": "CVE-2023-47037",
      "lastModified": "2024-11-21T08:29:38.800",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}]}",
      "published": "2023-11-12T14:15:25.980",
      "references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2023/11/12/1\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/apache/airflow/pull/33413\", \"source\": \"security@apache.org\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/11/12/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/apache/airflow/pull/33413\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-863\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-47037\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2023-11-12T14:15:25.980\",\"lastModified\":\"2025-02-13T18:15:37.967\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"We failed to apply\u00a0CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then.\u00a0\\n\\nApache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.\u00a0\\n\\nUsers should upgrade to version 2.7.3 or later which has removed the vulnerability.\"},{\"lang\":\"es\",\"value\":\"No pudimos aplicar CVE-2023-40611 en 2.7.1 y esta vulnerabilidad se marc\u00f3 como solucionada en ese momento. Apache Airflow, versiones anteriores a 2.7.3, se ve afectada por una vulnerabilidad que permite a los usuarios autenticados y autorizados para ver DAG modificar algunos valores de detalles de ejecuci\u00f3n de DAG al enviar notas. Esto podr\u00eda hacer que alteren detalles como los par\u00e1metros de configuraci\u00f3n, la fecha de inicio, etc. Los usuarios deben actualizar a la versi\u00f3n 2.7.3 o posterior, que ha eliminado la vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.3\",\"matchCriteriaId\":\"D8DE0419-3A7A-4E73-A896-096554A71E34\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2023/11/12/1\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/apache/airflow/pull/33413\",\"source\":\"security@apache.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/11/12/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/apache/airflow/pull/33413\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/apache/airflow/pull/33413\", \"tags\": [\"patch\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/11/12/1\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T21:01:22.230Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-47037\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-03T15:19:46.132761Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-03T15:23:13.134Z\"}}], \"cna\": {\"title\": \"Apache Airflow missing fix for CVE-2023-40611 in 2.7.1 (DAG run broken access)\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Tareq Ahamed from Hackerone\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Augusto Hidalgo\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"low\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Airflow\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.7.3\", \"versionType\": \"semver\"}], \"packageName\": \"apache-airflow\", \"collectionURL\": \"https://pypi.python.org\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/apache/airflow/pull/33413\", \"tags\": [\"patch\"]}, {\"url\": \"https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/11/12/1\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"We failed to apply\\u00a0CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then.\\u00a0\\n\\nApache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.\\u00a0\\n\\nUsers should upgrade to version 2.7.3 or later which has removed the vulnerability.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eWe failed to apply\u0026nbsp;CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eApache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eUsers should upgrade to version 2.7.3 or later which has removed the vulnerability.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cbr\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863 Incorrect Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2023-11-12T13:15:08.897Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-47037\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T17:14:45.806Z\", \"dateReserved\": \"2023-10-30T10:10:48.025Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2023-11-12T13:12:23.137Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-HM9R-7F84-25C9

Vulnerability from github – Published: 2023-11-12 15:30 – Updated: 2025-02-13 19:21

Summary

Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes

Details

Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability.

Severity ?

4.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

5.3 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "apache-airflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-47037"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285",
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-11-13T20:43:20Z",
    "nvd_published_at": "2023-11-12T14:15:25Z",
    "severity": "MODERATE"
  },
  "details": "Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.\u00a0 Users should upgrade to version 2.7.3 or later which has removed the vulnerability.",
  "id": "GHSA-hm9r-7f84-25c9",
  "modified": "2025-02-13T19:21:05Z",
  "published": "2023-11-12T15:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47037"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/pull/33413"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/commit/2a0106e4edf67c5905ebfcb82a6008662ae0f7ad"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/commit/b7a46c970d638028a4a7643ad000dcee951fb9ef"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/airflow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-232.yaml"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/11/12/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes"
}

PYSEC-2023-232

Vulnerability from pysec - Published: 2023-11-12 14:15 - Updated: 2023-11-12 16:29

Details

We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then.

Users should upgrade to version 2.7.3 or later which has removed the vulnerability.

Impacted products

Name	purl
apache-airflow	pkg:pypi/apache-airflow

Aliases

CVE-2023-47037

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "apache-airflow",
        "purl": "pkg:pypi/apache-airflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.10.0",
        "1.10.1",
        "1.10.10",
        "1.10.10rc1",
        "1.10.10rc2",
        "1.10.10rc3",
        "1.10.10rc4",
        "1.10.10rc5",
        "1.10.11",
        "1.10.11rc1",
        "1.10.11rc2",
        "1.10.12",
        "1.10.12rc1",
        "1.10.12rc2",
        "1.10.12rc3",
        "1.10.12rc4",
        "1.10.13",
        "1.10.13rc1",
        "1.10.14",
        "1.10.14rc1",
        "1.10.14rc2",
        "1.10.14rc3",
        "1.10.14rc4",
        "1.10.15",
        "1.10.15rc1",
        "1.10.1b1",
        "1.10.1rc2",
        "1.10.2",
        "1.10.2b2",
        "1.10.2rc1",
        "1.10.2rc2",
        "1.10.2rc3",
        "1.10.3",
        "1.10.3b1",
        "1.10.3b2",
        "1.10.3rc1",
        "1.10.3rc2",
        "1.10.4",
        "1.10.4b2",
        "1.10.4rc1",
        "1.10.4rc2",
        "1.10.4rc3",
        "1.10.4rc4",
        "1.10.4rc5",
        "1.10.5",
        "1.10.5rc1",
        "1.10.6",
        "1.10.6rc1",
        "1.10.6rc2",
        "1.10.7",
        "1.10.7rc1",
        "1.10.7rc2",
        "1.10.7rc3",
        "1.10.8",
        "1.10.8rc1",
        "1.10.9",
        "1.10.9rc1",
        "1.8.1",
        "1.8.2",
        "1.8.2rc1",
        "1.9.0",
        "2.0.0",
        "2.0.0b1",
        "2.0.0b2",
        "2.0.0b3",
        "2.0.0rc1",
        "2.0.0rc2",
        "2.0.0rc3",
        "2.0.1",
        "2.0.1rc1",
        "2.0.1rc2",
        "2.0.2",
        "2.0.2rc1",
        "2.1.0",
        "2.1.0rc1",
        "2.1.0rc2",
        "2.1.1",
        "2.1.1rc1",
        "2.1.2",
        "2.1.2rc1",
        "2.1.3",
        "2.1.3rc1",
        "2.1.4",
        "2.1.4rc1",
        "2.1.4rc2",
        "2.2.0",
        "2.2.0b1",
        "2.2.0b2",
        "2.2.0rc1",
        "2.2.1",
        "2.2.1rc1",
        "2.2.1rc2",
        "2.2.2",
        "2.2.2rc1",
        "2.2.2rc2",
        "2.2.3",
        "2.2.3rc1",
        "2.2.3rc2",
        "2.2.4",
        "2.2.4rc1",
        "2.2.5",
        "2.2.5rc1",
        "2.2.5rc2",
        "2.2.5rc3",
        "2.3.0",
        "2.3.0b1",
        "2.3.0rc1",
        "2.3.0rc2",
        "2.3.1",
        "2.3.1rc1",
        "2.3.2",
        "2.3.2rc1",
        "2.3.2rc2",
        "2.3.3",
        "2.3.3rc1",
        "2.3.3rc2",
        "2.3.3rc3",
        "2.3.4",
        "2.3.4rc1",
        "2.4.0",
        "2.4.0b1",
        "2.4.0rc1",
        "2.4.1",
        "2.4.1rc1",
        "2.4.2",
        "2.4.2rc1",
        "2.4.3",
        "2.4.3rc1",
        "2.5.0",
        "2.5.0rc1",
        "2.5.0rc2",
        "2.5.0rc3",
        "2.5.1",
        "2.5.1rc1",
        "2.5.1rc2",
        "2.5.2",
        "2.5.2rc1",
        "2.5.2rc2",
        "2.5.3",
        "2.5.3rc1",
        "2.5.3rc2",
        "2.6.0",
        "2.6.0b1",
        "2.6.0rc1",
        "2.6.0rc2",
        "2.6.0rc3",
        "2.6.0rc4",
        "2.6.0rc5",
        "2.6.1",
        "2.6.1rc1",
        "2.6.1rc2",
        "2.6.1rc3",
        "2.6.2",
        "2.6.2rc1",
        "2.6.2rc2",
        "2.6.3",
        "2.6.3rc1",
        "2.7.0",
        "2.7.0b1",
        "2.7.0rc1",
        "2.7.0rc2",
        "2.7.1",
        "2.7.1rc1",
        "2.7.1rc2",
        "2.7.2",
        "2.7.2rc1",
        "2.7.3rc1"
      ]
    }
  ],
  "aliases": [
    "CVE-2023-47037"
  ],
  "details": "We failed to apply\u00a0CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then.\u00a0\n\nApache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.\u00a0\n\nUsers should upgrade to version 2.7.3 or later which has removed the vulnerability.\n\n",
  "id": "PYSEC-2023-232",
  "modified": "2023-11-12T16:29:15.404665+00:00",
  "published": "2023-11-12T14:15:00+00:00",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/apache/airflow/pull/33413"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0"
    }
  ]
}

CNVD-2023-93318

Vulnerability from cnvd - Published: 2023-11-28

Title

Apache Airflow授权问题漏洞（CNVD-2023-93318）

Description

Apache Airflow是美国阿帕奇（Apache）基金会的一套用于创建、管理和监控工作流程的开源平台。该平台具有可扩展和动态监控等特点。 Apache Airflow 2.7.3之前版本存在授权问题漏洞，该漏洞源于存在不当的权限管理，经过身份验证的攻击者可利用该漏洞在提交注释时修改某些DAG运行详细信息值，这可能会让他们更改配置参数、开始日期等详细信息。

Severity

中

Patch Name

Apache Airflow授权问题漏洞（CNVD-2023-93318）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0

Reference

https://github.com/apache/airflow/pull/33413

Impacted products

Name
Apache Airflow <2.7.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-47037",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-47037"
    }
  },
  "description": "Apache Airflow\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u7528\u4e8e\u521b\u5efa\u3001\u7ba1\u7406\u548c\u76d1\u63a7\u5de5\u4f5c\u6d41\u7a0b\u7684\u5f00\u6e90\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u5177\u6709\u53ef\u6269\u5c55\u548c\u52a8\u6001\u76d1\u63a7\u7b49\u7279\u70b9\u3002\n\nApache Airflow 2.7.3\u4e4b\u524d\u7248\u672c\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5b58\u5728\u4e0d\u5f53\u7684\u6743\u9650\u7ba1\u7406\uff0c\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u63d0\u4ea4\u6ce8\u91ca\u65f6\u4fee\u6539\u67d0\u4e9bDAG\u8fd0\u884c\u8be6\u7ec6\u4fe1\u606f\u503c\uff0c\u8fd9\u53ef\u80fd\u4f1a\u8ba9\u4ed6\u4eec\u66f4\u6539\u914d\u7f6e\u53c2\u6570\u3001\u5f00\u59cb\u65e5\u671f\u7b49\u8be6\u7ec6\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-93318",
  "openTime": "2023-11-28",
  "patchDescription": "Apache Airflow\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u7528\u4e8e\u521b\u5efa\u3001\u7ba1\u7406\u548c\u76d1\u63a7\u5de5\u4f5c\u6d41\u7a0b\u7684\u5f00\u6e90\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u5177\u6709\u53ef\u6269\u5c55\u548c\u52a8\u6001\u76d1\u63a7\u7b49\u7279\u70b9\u3002\r\n\r\nApache Airflow 2.7.3\u4e4b\u524d\u7248\u672c\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5b58\u5728\u4e0d\u5f53\u7684\u6743\u9650\u7ba1\u7406\uff0c\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u63d0\u4ea4\u6ce8\u91ca\u65f6\u4fee\u6539\u67d0\u4e9bDAG\u8fd0\u884c\u8be6\u7ec6\u4fe1\u606f\u503c\uff0c\u8fd9\u53ef\u80fd\u4f1a\u8ba9\u4ed6\u4eec\u66f4\u6539\u914d\u7f6e\u53c2\u6570\u3001\u5f00\u59cb\u65e5\u671f\u7b49\u8be6\u7ec6\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apache Airflow\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2023-93318\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Apache Airflow \u003c2.7.3"
  },
  "referenceLink": "https://github.com/apache/airflow/pull/33413",
  "serverity": "\u4e2d",
  "submitTime": "2023-11-14",
  "title": "Apache Airflow\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2023-93318\uff09"
}

FKIE_CVE-2023-47037

Vulnerability from fkie_nvd - Published: 2023-11-12 14:15 - Updated: 2025-02-13 18:15

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

References

URL	Tags
security@apache.org	http://www.openwall.com/lists/oss-security/2023/11/12/1	Mailing List, Third Party Advisory
security@apache.org	https://github.com/apache/airflow/pull/33413	Issue Tracking, Patch
security@apache.org	https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2023/11/12/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/apache/airflow/pull/33413	Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0	Mailing List

Impacted products

	Vendor	Product	Version
	apache	airflow	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8DE0419-3A7A-4E73-A896-096554A71E34",
              "versionEndExcluding": "2.7.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "We failed to apply\u00a0CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then.\u00a0\n\nApache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.\u00a0\n\nUsers should upgrade to version 2.7.3 or later which has removed the vulnerability."
    },
    {
      "lang": "es",
      "value": "No pudimos aplicar CVE-2023-40611 en 2.7.1 y esta vulnerabilidad se marc\u00f3 como solucionada en ese momento. Apache Airflow, versiones anteriores a 2.7.3, se ve afectada por una vulnerabilidad que permite a los usuarios autenticados y autorizados para ver DAG modificar algunos valores de detalles de ejecuci\u00f3n de DAG al enviar notas. Esto podr\u00eda hacer que alteren detalles como los par\u00e1metros de configuraci\u00f3n, la fecha de inicio, etc. Los usuarios deben actualizar a la versi\u00f3n 2.7.3 o posterior, que ha eliminado la vulnerabilidad."
    }
  ],
  "id": "CVE-2023-47037",
  "lastModified": "2025-02-13T18:15:37.967",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-11-12T14:15:25.980",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/11/12/1"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://github.com/apache/airflow/pull/33413"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2023/11/12/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://github.com/apache/airflow/pull/33413"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    }
  ]
}

GSD-2023-47037

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-47037

Aliases

CVE-2023-47037

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-47037",
    "id": "GSD-2023-47037"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-47037"
      ],
      "details": "We failed to apply\u00a0CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then.\u00a0\n\nApache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.\u00a0\n\nUsers should upgrade to version 2.7.3 or later which has removed the vulnerability.\n\n",
      "id": "GSD-2023-47037",
      "modified": "2023-12-13T01:20:51.429846Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "ID": "CVE-2023-47037",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache Airflow",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "0",
                          "version_value": "2.7.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache Software Foundation"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Tareq Ahamed from Hackerone"
        },
        {
          "lang": "en",
          "value": " Augusto Hidalgo"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "We failed to apply\u00a0CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then.\u00a0\n\nApache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.\u00a0\n\nUsers should upgrade to version 2.7.3 or later which has removed the vulnerability.\n\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-863",
                "lang": "eng",
                "value": "CWE-863 Incorrect Authorization"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/apache/airflow/pull/33413",
            "refsource": "MISC",
            "url": "https://github.com/apache/airflow/pull/33413"
          },
          {
            "name": "https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0",
            "refsource": "MISC",
            "url": "https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2023/11/12/1",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2023/11/12/1"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.7.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2023-47037"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "We failed to apply\u00a0CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then.\u00a0\n\nApache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.\u00a0\n\nUsers should upgrade to version 2.7.3 or later which has removed the vulnerability.\n\n"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": []
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/apache/airflow/pull/33413",
              "refsource": "",
              "tags": [
                "Issue Tracking",
                "Patch"
              ],
              "url": "https://github.com/apache/airflow/pull/33413"
            },
            {
              "name": "https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0",
              "refsource": "",
              "tags": [
                "Mailing List"
              ],
              "url": "https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0"
            },
            {
              "name": "http://www.openwall.com/lists/oss-security/2023/11/12/1",
              "refsource": "",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2023/11/12/1"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2023-11-20T19:31Z",
      "publishedDate": "2023-11-12T14:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-47037 (GCVE-0-2023-47037)

GHSA-HM9R-7F84-25C9

PYSEC-2023-232

CNVD-2023-93318

FKIE_CVE-2023-47037

GSD-2023-47037

Tags

Sightings

Nomenclature