Apache Airflow versions before 2.8.2 have a vulnerability that allows authenticated Ops and Viewer users to view all information in audit logs, including DAG names and usernames they were not permitted to view. With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default; they need to be explicitly granted permission to see the logs. Only admin users have audit log permission by default.
Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability.
                
History
Tue, 13 May 2025 00:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Apache Apache airflow | |
| CPEs | cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:* | |
| Vendors & Products | Apache Apache airflow | |
Fri, 01 Nov 2024 18:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2024-03-01T11:05:54.480Z
Updated: 2025-02-13T17:41:11.624Z
Reserved: 2024-02-15T15:12:52.265Z
Link: CVE-2024-26280
Vulnrichment
Updated: 2024-08-02T00:07:19.232Z
NVD
Status: Analyzed
Published: 2024-03-01T11:15:08.123
Modified: 2025-05-13T00:15:21.653
Link: CVE-2024-26280
Redhat
No data.