Also you should not be affected if your umask is 002 (group write enabled) - this is the default on many linux systems. where Airflow components do not share containers with other applications and users. You are affected only if you install Airflow using local installation / virtualenv or other Docker images, but the issue has no impact if docker containers are used as intended, i.e. This issue does not affect users who use or extend Airflow using Official Airflow Docker reference images ( ) - those images require to have group write permission set anyway. If your log files are stored in the home directory, these permission changes might impact your ability to run SSH operations after your home directory becomes group-writeable. In the case Airflow is run with the root user (not recommended) it added group write permission to all folders up to the root of the filesystem. Airflow's local file task handler in Airflow incorrectly set permissions for all parent folders of log folder, in default configuration adding write access to Unix group of the folders. Improper Preservation of Permissions vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.8.2 through 2.8.3. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions. 3.1 and 3.2 Apache Pulsar users should upgrade to at least 3.2.2. 3.0 Apache Pulsar users should upgrade to at least 3.0.4. In Pulsar, namespace properties are reserved for user provided metadata about the namespace. Additionally, the vulnerability allows an authenticated user to read, create, modify, and delete namespace properties in any namespace in any tenant. For custom authorization providers, the impact could be slightly different. This impact analysis assumes that Pulsar has been configured with the default authorization provider. An authenticated user with produce permission can create subscriptions and update subscription properties on partitioned topics, even though this should be limited to users with consume permissions. These management operations should be restricted to users with the tenant admin role or superuser role. This vulnerability allows authenticated users with produce or consume permissions to perform unauthorized operations on partitioned topics, such as unloading topics and triggering compaction.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |