23 matches found
PYSEC-0000-CVE-2026-45192
A bug in the GET /api/v2/connections/{connection_id} REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connection's extra JSON blob under field names not present in the redaction allowlist DEFAULT_SENSITIVE_FIELDS —...
CVE-2026-45192
A bug in the GET /api/v2/connections/{connection_id} REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connection's extra JSON blob under field names not present in the redaction allowlist DEFAULT_SENSITIVE_FIELDS —...
CVE-2025-27555 Apache Airflow: Connection Secrets not masked in UI when Connection are added via Airflow cli
Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...
PT-2026-21640
Name of the Vulnerable Software and Affected Versions: Airflow versions prior to 2.11.1 Description: The software contains a flaw that permits authenticated users possessing audit log access to view sensitive values within audit logs that they are not authorized to see. Specifically, when sensitive...
EUVD-2022-5526
Malicious code in bioql PyPI...
EUVD-2022-5008
Malicious code in bioql PyPI...
CVE-2025-24461
In JetBrains TeamCity before 2024.12.1 decryption of connection secrets without proper permissions was possible via Test Connection endpoint...
JetBrains TeamCity Permission Issues Vulnerability
JetBrains TeamCity is a continuous integration and continuous delivery (CI/CD) tool developed by JetBrains. JetBrains TeamCity has a permission issue vulnerability: connection secrets could be decrypted without proper privileges via the Test Connection endpoint. No...
JetBrains TeamCity 2024.12.1 Multiple Vulnerabilities
The version of JetBrains TeamCity installed on the remote host is prior to 2024.12.1. It is, therefore, affected by multiple vulnerabilities as referenced in the 2024121 advisory. - In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page (CVE-2025-24459) - In...
CVE-2025-24461
CVE-2025-24461 affects JetBrains TeamCity prior to 2024.12.1. The issue allows decryption of connection secrets without proper permissions via the Test Connection endpoint, exposing high confidentiality impact with no reported integrity or availability changes. Affected component: Test Connection...
JetBrains TeamCity Security Vulnerability
JetBrains TeamCity is a continuous integration and continuous delivery (CI/CD) tool developed by JetBrains. JetBrains TeamCity has a permission issue vulnerability: connection secrets could be decrypted without proper privileges via the Test Connection endpoint. No...
PT-2025-5367 · Jetbrains · Teamcity
Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2024.12.1 Description: The issue allows decryption of connection secrets without proper permissions via the "Test Connection" endpoint. This is related to incorrect authorization in the system...
Unspecified Vulnerability in CloudBees Jenkins
CloudBees Jenkins is a Java-based continuous integration tool from the US company CloudBees. The product is mainly used to monitor continuous software release and testing projects and to run scheduled tasks. There is a security vulnerability in...
CVE-2020-2101
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret...