Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistApacheCVELIST:CVE-2022-27949
HistoryNov 14, 2022 - 12:00 a.m.

CVE-2022-27949 Apache Airflow prior to 2.3.1 may include sensitive values in rendered template

2022-11-1400:00:00
CWE-200
apache
www.cve.org
4
apache airflow
ui vulnerability
sensitive values
rendered templates
cve-2022-27949

EPSS

0.001

Percentile

46.8%

JSON

A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1.

CNA Affected

[
  {
    "vendor": "Apache Software Foundation",
    "product": "Apache Airflow",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "2.3.1",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

Related

osv 4
cnvd 1
github 1
cve 1
prion 1
veracode 1
nvd 1
osv
osv
CVE-2022-27949
2022-11-14 10:15:10
PYSEC-2022-42981
2022-11-14 10:15:00
BIT-airflow-2022-27949
2024-03-06 10:58:17
cnvd
cnvd
Apache Airflow Information Disclosure Vulnerability (CNVD-2022-78863)
2022-11-17 00:00:00
github
github
Apache Airflow subject to Exposure of Sensitive Information
2022-11-14 12:00:15
cve
cve
CVE-2022-27949
2022-11-14 10:15:10
prion
prion
Code injection
2022-11-14 10:15:00
veracode
veracode
Information Disclosure
2022-11-15 11:49:59
nvd
nvd
CVE-2022-27949
2022-11-14 10:15:10

EPSS

0.001

Percentile

46.8%

JSON
Related for CVELIST:CVE-2022-27949
osv4cnvd1github1cve1prion1veracode1nvd1