Lucene search
GoogleOSV:BIT-2023-45348HistoryOct 19, 2023 - 6:17 a.m.
BIT-2023-45348
2023-10-1906:17:15
Google
osv.dev
16
apache airflow
vulnerability
authenticated user
sensitive configuration
upgrade
0.0005 Low
EPSS
Percentile
18.8%
Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the “expose_config” option is set to “non-sensitive-only”. The expose_config option is False by default.It is recommended to upgrade to a version that is not affected.
Related
osv
osv
BIT-airflow-2023-45348
2024-03-06 10:52:21
Apache Airflow vulnerable to sensitive information exposure when expose-config is set to non-sensitive-only
2023-10-14 12:30:23
PYSEC-2023-204
2023-10-14 10:15:00
cnvd
cnvd
Apache Airflow Information Disclosure Vulnerability (CNVD-2023-85611)
2023-10-17 00:00:00
github
github
cve
cve
CVE-2023-45348
2023-10-14 10:15:10
CVE-2023-46288
2023-10-23 19:15:11
nvd
nvd
CVE-2023-45348
2023-10-14 10:15:10
CVE-2023-46288
2023-10-23 19:15:11
veracode
veracode
Information Disclosure
2023-10-18 05:20:50
cvelist
cvelist
prion
prion
Design/Logic Flaw
2023-10-14 10:15:00
Default configuration
2023-10-23 19:15:00