15 matches found
CVE-2026-25219
The accesskey and connectionstring connection properties were not marked as sensitive names in secrets masker. This means that user with read permission could see the values in Connection UI, as well as when Connection was accidentaly logged to logs, those values could be seen in the logs. Azure...
Improper Removal of Sensitive Information Before Storage or Transfer
Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer in the HideSecretData function that fails to mask predictedLive argument for --server-side-diff command. An attacker can extract last-applied-configuration which may...
CVE-2026-25219
The accesskey and connectionstring connection properties were not marked as sensitive names in secrets masker. This means that user with read permission could see the values in Connection UI, as well as when Connection was accidentaly logged to logs, those values could be seen in the logs. Azure...
CVE-2026-25219 Apache Airflow: Sensitive Azure Service Bus connection string (and possibly other providers) exposed to users with view access
The accesskey and connectionstring connection properties were not marked as sensitive names in secrets masker. This means that user with read permission could see the values in Connection UI, as well as when Connection was accidentaly logged to logs, those values could be seen in the logs. Azure...
CVE-2026-25219
The accesskey and connectionstring connection properties were not marked as sensitive names in secrets masker. This means that user with read permission could see the values in Connection UI, as well as when Connection was accidentaly logged to logs, those values could be seen in the logs. Azure...
PT-2026-33058
Name of the Vulnerable Software and Affected Versions Airflow versions prior to 3.1.8 Description The secrets masker failed to mark the access key and connection string connection properties as sensitive. This allows users with read permissions to view these values in the Connection UI...
GHSA-3QMM-R55X-HPXX Apache Airflow secrets in rendered templates could contain parts of sensitive values when truncated
In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed core maxtemplatedfieldlength, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include...
PYSEC-2026-9
In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed coremaxtemplatedfieldlength, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include...
CVE-2025-68438
In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed core maxtemplatedfieldlength, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include...
CVE-2024-45784
Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially...
PYSEC-2024-182
Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially...
PYSEC-2024-182
Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially...
jenkins-credentials-binding-plugin: improper masking of secrets
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask i.e., replace with asterisks secrets containing a $ character in some circumstances...
jenkins-credentials-binding-plugin: information disclosure in build log when build contains no build steps
Jenkins Credentials Binding Plugin 1.22 and earlier does not mask i.e., replace with asterisks secrets in the build log when the build contains no build steps...
PT-2020-15394 · Jenkins · Jenkins Credentials Binding Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Credentials Binding Plugin versions 1.22 and earlier Description: The issue concerns the Jenkins Credentials Binding Plugin, where secrets are not masked in the build log when the build contains no build steps. This affects the securi...