Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-fctg-457f-4uae
Vulnerability ID VCID-fctg-457f-4uae
Aliases CVE-2023-42781
GHSA-r7x6-xfcm-3mxv
PYSEC-2023-231
Summary Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.  This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2023-42781
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-42781
https://github.com/apache/airflow
https://github.com/apache/airflow/commit/33ec72948f74f56f2adb5e2d388e60e88e8a3fa3
https://github.com/apache/airflow/pull/34939
https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-231.yaml
https://lists.apache.org/thread/7dnl8nszdxqyns57f3dw0sloy5dfl9o1
CVE-2023-42781 https://nvd.nist.gov/vuln/detail/CVE-2023-42781
GHSA-r7x6-xfcm-3mxv https://github.com/advisories/GHSA-r7x6-xfcm-3mxv
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.17222
EPSS Score 0.00054
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T20:33:14.951519+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow/PYSEC-2023-231.yaml 38.6.0