Lucene search
K

7 matches found

Snyk
Snyk
added 2026/05/19 9:50 p.m.7 views

Incorrect Authorization

Overview apache-airflow-providers-amazon is a Provider for Apache Airflow. Implements apache-airflow-providers-amazon package Affected versions of this package are vulnerable to Incorrect Authorization in the team-scoping logic. An attacker can access secrets belonging to other teams by crafting ...

5.9CVSS5.8AI score0.00413EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/19 9:32 p.m.8 views

airflow-add-ons (>=0.2.4 <=0.2.9b2), airflow-aws-shared-secrets (>=0.0.1 <=0.0.5) +11 more potentially affected by CVE-2026-42526 via apache-airflow-providers-amazon (>=1.4.0 <=9.17.0)

apache-airflow-providers-amazon PYPI version =1.4.0, =0.2.4, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.3, =0.0.4, =0.0.0, =2.10.3, =14.4.0, =0.0.1, =0.0.1rc1, =2.10.7, =2.10.11rc5 Source cves: CVE-2026-42526 Source advisory: OSV:GHSA-G9QC-QF28-HHQX...

5.3CVSS5.7AI score0.00413EPSS
Exploits0
NVD
NVD
added 2026/05/19 8:16 p.m.19 views

CVE-2026-42526

In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...

5.3CVSS0.00413EPSS
Exploits0References3
CVE
CVE
added 2026/05/19 7:17 p.m.25 views

CVE-2026-42526

The CVE-2026-42526 vulnerability affects apache-airflow-providers-amazon backends for AWS Secrets Manager and SSM Parameter Store prior to 9.28.0. The team-scoping logic could resolve a conn_id containing a slash (for example a_team/conn) to the same path as another team’s secret when the caller ...

5.3CVSS5.8AI score0.00413EPSS
Exploits0References3Affected Software1
GithubExploit
GithubExploit
added 2026/04/22 1:22 a.m.127 views

Exploit for Origin Validation Error in Apache Airflow_Providers_Amazon

CVE-2026-25604 PoC Host Header Injection leading to SAML au...

5.4CVSS5.8AI score0.00359EPSS
Exploits1
Snyk
Snyk
added 2026/03/17 12:46 p.m.6 views

Exposure of Resource to Wrong Sphere

Overview apache-airflow-providers-amazon is a Provider for Apache Airflow. Implements apache-airflow-providers-amazon package Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere due to improper handling of the session token cookie path. An attacker can gain...

9.3CVSS5.8AI score0.00677EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/03/09 12:31 p.m.8 views

airflow-add-ons (>=0.2.4 <=0.2.9b2), airflow-aws-shared-secrets (>=0.0.1 <=0.0.5) +11 more potentially affected by CVE-2026-25604 via apache-airflow-providers-amazon (>=1.4.0 <=9.17.0)

apache-airflow-providers-amazon PYPI version =1.4.0, =0.2.4, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.3, =0.0.4, =0.0.0, =2.10.3, =14.4.0, =0.0.1, =0.0.1rc1, =2.10.7, =2.10.11rc5 Source cves: CVE-2026-25604 Source advisory: OSV:GHSA-RV5F-CCPM-XJJ4...

5.4CVSS5.7AI score0.00359EPSS
Exploits1
Rows per page
Query Builder