Lucene search

GitHub Advisory DatabaseGHSA-H6G5-WQQR-3MW3

HistoryMar 15, 2023 - 12:30 p.m.

Sensitive Information in Error Messages in Apache Airflow

2023-03-1512:30:19

CWE-209

GitHub Advisory Database

github.com

apache airflow

error messages

sensitive information

vulnerability

apache software foundation

unauthenticated user

python version

airflow version

node name

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

41.9%

JSON

Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if traceback is shown to unauthenticated user.

Affected configurations

Vulners

Node

apacheairflowRange<2.5.2

CPENameOperatorVersion
apache-airflowlt2.5.2

CPE	Name	Operator	Version
	apache-airflow	lt	2.5.2

References

github.com/advisories/GHSA-h6g5-wqqr-3mw3

github.com/apache/airflow/pull/29501

lists.apache.org/thread/z8w6ckzs61ql365tv4d19k82o67r15p2

nvd.nist.gov/vuln/detail/CVE-2023-25695

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

41.9%

JSON

Related for GHSA-H6G5-WQQR-3MW3