GitHub Advisory DatabaseGHSA-FVW2-2PF7-77VWApache Airflow subject to Exposure of Sensitive Information
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
46.8%
A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1.
Affected configurations
References
www.openwall.com/lists/oss-security/2022/11/14/3
github.com/advisories/GHSA-fvw2-2pf7-77vw
github.com/apache/airflow/commit/09be0c5c7e847dda1d0be5776f8d5e327ff2281a
github.com/apache/airflow/commit/1cbb0ad26dd17f218c6ab1c2ae59b262c443a443
github.com/apache/airflow/pull/22754
lists.apache.org/thread/n38oc5obb48600fsvnbopxcs0jpbp65p
nvd.nist.gov/vuln/detail/CVE-2022-27949
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
46.8%