Lucene search
China National Vulnerability DatabaseCNVD-2023-72235HistorySep 20, 2023 - 12:00 a.m.
Apache Airflow Information Disclosure Vulnerability (CNVD-2023-72235)
2023-09-2000:00:00
China National Vulnerability Database
www.cnvd.org.cn
6
apache airflow
information disclosure
vulnerability
apache foundation
open source
workflow
ui
sensitive information
cnvd
EPSS
0.002
Percentile
52.0%
Apache Airflow is the United States Apache (Apache) Foundation’s set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. An information disclosure vulnerability exists in Apache Airflow versions prior to 2.7.1, which stems from allowing a user with the right to view tasks/dags in the UI to create URLs, which could lead to the disclosure of a task’s configuration. An attacker can exploit this vulnerability to obtain sensitive information.
Related
prion
prion
Design/Logic Flaw
2023-09-12 12:15:00
osv
osv
PYSEC-2023-171
2023-09-12 12:15:00
CVE-2023-40712
2023-09-12 12:15:08
BIT-airflow-2023-40712
2024-03-06 10:53:19
cve
cve
CVE-2023-40712
2023-09-12 12:15:08
vulnrichment
vulnrichment
github
github
Apache Airflow information exposure vulnerability
2023-09-12 19:25:08
nvd
nvd
CVE-2023-40712
2023-09-12 12:15:08
cvelist
cvelist
hackerone
hackerone
Internet Bug Bounty: Secrets can be unmasked in the "Rendered Template"
2023-10-15 09:40:05
nessus
nessus