Email extractor lite 1.4 comma4/30/2024 Improper Preservation of Permissions vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.8.2 through 2.8.3. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions. 3.1 and 3.2 Apache Pulsar users should upgrade to at least 3.2.2. 3.0 Apache Pulsar users should upgrade to at least 3.0.4. In Pulsar, namespace properties are reserved for user provided metadata about the namespace. ![]() Additionally, the vulnerability allows an authenticated user to read, create, modify, and delete namespace properties in any namespace in any tenant. For custom authorization providers, the impact could be slightly different. This impact analysis assumes that Pulsar has been configured with the default authorization provider. ![]() An authenticated user with produce permission can create subscriptions and update subscription properties on partitioned topics, even though this should be limited to users with consume permissions. These management operations should be restricted to users with the tenant admin role or superuser role. This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |