CVE-2023-45348 Apache Airflow: Configuration information leakage vulnerability

2023-10-14 09:46:44
CWE-200
apache
www.cve.org
apache airflow
configuration
information leakage
vulnerability
upgrade

AI Score: 4.5 Medium (Confidence: High)

EPSS: 0.0005 Low (Percentile: 18.8%)

Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the “expose_config” option is set to “non-sensitive-only”. The expose_config option is False by default.
It is recommended to upgrade to a version that is not affected.

CNA Affected

[
  {
    "collectionURL": "https://pypi.python.org/",
    "defaultStatus": "unaffected",
    "packageName": "apache-airflow",
    "product": "Apache Airflow",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "2.7.2",
        "status": "affected",
        "version": "2.7.0",
        "versionType": "semver"
      }
    ]
  }
]
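
The following exposure check is an added example, not code from Apache Airflow or from this record. It applies the version range in the "CNA Affected" data together with the configuration condition in the description. It assumes the two inputs are read from the deployment with `airflow version` and `airflow config get-value webserver expose_config`; the function names are hypothetical.

```python
import re

# Range copied from the "CNA Affected" record on this page.
AFFECTED = [{"packageName": "apache-airflow",
             "defaultStatus": "unaffected",
             "versions": [{"version": "2.7.0", "lessThan": "2.7.2",
                           "status": "affected", "versionType": "semver"}]}]


def parse_version(text):
    """Return (major, minor, patch) for a release string such as '2.7.1'.

    Pre-release suffixes (for example 'rc1') are ignored, so treat results
    for release candidates with care.
    """
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"not a release version: {text!r}")
    return tuple(int(p) for p in m.groups())


def version_status(installed, record=AFFECTED[0]):
    """Apply each range as version <= installed < lessThan."""
    v = parse_version(installed)
    for rng in record["versions"]:
        low, high = parse_version(rng["version"]), parse_version(rng["lessThan"])
        if low <= v < high:
            return rng["status"]
    return record["defaultStatus"]


def assess(installed, expose_config):
    """Return (exposed, reason) for one deployment."""
    if version_status(installed) != "affected":
        return False, "version is outside 2.7.0 <= v < 2.7.2"
    setting = str(expose_config).strip().lower()
    if setting == "non-sensitive-only":
        return True, "affected version with expose_config=non-sensitive-only"
    return False, f"affected version, but expose_config={setting}; upgrade is still recommended"


if __name__ == "__main__":
    # Constructed sample deployments, not real inventory data.
    for ver, cfg in [("2.7.1", "non-sensitive-only"), ("2.7.1", "False"),
                     ("2.7.2", "non-sensitive-only")]:
        print(ver, cfg, assess(ver, cfg))
```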
