Lucene search
K

6 matches found

OSV
OSV
added 2026/02/24 8:38 a.m.7 views

BIT-AIRFLOW-2025-65995 Apache Airflow: Disclosure of secrets to UI via kwargs

When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values such as secrets, they might be exposed in the UI tracebacks to authenticated users who had permission to view that DAG. The issue...

6.5CVSS5.4AI score0.00801EPSS
Exploits0References5
Snyk
Snyk
added 2026/02/21 4:32 a.m.4 views

Information Exposure

Overview apache-airflow-task-sdk is a The Apache Airflow Task SDK includes interfaces for Dag authors and Task execution logic for Python. Affected versions of this package are vulnerable to Information Exposure in the error messages in the UI when a DAG fails during parsing. A user can obtain...

7.1CVSS5.8AI score0.00801EPSS
Exploits0References2
OSV
OSV
added 2026/02/21 3:31 a.m.4 views

GHSA-GFW7-2V73-69WG Apache Airflow error reporting may expose full kwargs

When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values such as secrets, they might be exposed in the UI tracebacks to authenticated users who had permission to view that DAG. The issue...

6.5CVSS5.7AI score0.00801EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/21 2:14 a.m.5 views

CVE-2025-65995

When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values such as secrets, they might be exposed in the UI tracebacks to authenticated users who had permission to view that DAG. The issue...

5.5AI score0.00801EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/21 2:14 a.m.1 views

CVE-2025-65995 Apache Airflow: Disclosure of secrets to UI via kwargs

When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values such as secrets, they might be exposed in the UI tracebacks to authenticated users who had permission to view that DAG. The issue...

5.2AI score0.00801EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/21 2:14 a.m.30 views

CVE-2025-65995 Apache Airflow: Disclosure of secrets to UI via kwargs

When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values such as secrets, they might be exposed in the UI tracebacks to authenticated users who had permission to view that DAG. The issue...

0.00801EPSS
Exploits0References3
Rows per page
Query Builder