Lucene search
ApacheCVELIST:CVE-2023-35005HistoryJun 19, 2023 - 8:15 a.m.
CVE-2023-35005 Apache Airflow: Information disclosure on configuration view
2023-06-1908:15:18
CWE-200
apache
www.cve.org
apache airflow
information disclosure
configuration view
vulnerability
version 2.5.0
version 2.6.2
0.001 Low
EPSS
Percentile
25.9%
In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations.
This vulnerability is mitigated by the fact configuration is not shown in the UI by default (only if [webserver] expose_config is set to non-sensitive-only), and not all uncensored values are actually sentitive.
This issue affects Apache Airflow: from 2.5.0 before 2.6.2. Users are recommended to update to version 2.6.2 or later.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache Airflow",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.6.2",
"status": "affected",
"version": "2.5.0",
"versionType": "semver"
}
]
}
]Related
osv
osv
PYSEC-2023-89
2023-06-19 09:15:00
CVE-2023-35005
2023-06-19 09:15:09
Apache Airflow vulnerable to exposure of sensitive information
2023-06-19 09:30:17
veracode
veracode
Information Disclosure
2023-06-26 04:04:09
cve
cve
CVE-2023-35005
2023-06-19 09:15:09
cnvd
cnvd
Apache Airflow Information Disclosure Vulnerability (CNVD-2023-55401)
2023-06-21 00:00:00
prion
prion
Code injection
2023-06-19 09:15:00
nvd
nvd
CVE-2023-35005
2023-06-19 09:15:09
github
github
Apache Airflow vulnerable to exposure of sensitive information
2023-06-19 09:30:17