186 matches found
GHSA-QF3C-RW9F-JH7V Clear Text Credentials Exposed via Onboarding Task
Impact When credentials are provided while creating an OnboardingTask they may be visible via the Job Results view under the Additional Data tab as args for the Celery Task execution. This only applies to OnboardingTasks that are created with credentials specified while on v2.0.0-2.0.2 of Nautobo...
Information Disclosure
apacheairflowproviderscelery is vulnerable to Information Disclosure. An attacker is able to exploit this vulnerability by tricking a user into running an Airflow job that contains a malicious Celery task. The malicious task would then insert sensitive information into the Airflow logs as clear...
GHSA-666G-RFC5-C9JV Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability
Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not...
Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability
Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not...
CVE-2023-46215
Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not...
Design/Logic Flaw
Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not...
CVE-2023-46215 Apache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend
Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not...
CVE-2023-46215 Apache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend
Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not...
CVE-2023-46215
CVE-2023-46215 affects Apache Airflow and its Celery provider. The issue is that sensitive information is logged in clear text when using rediss, amqp, or rpc protocols as the Celery result backend. Affected versions: Airflow Celery provider 3.3.0–3.4.0 and Apache Airflow 1.10.0–2.6.3. Impact is ...
CVE-2023-46215 Apache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend
Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not...
PT-2023-8383
Name of the Vulnerable Software and Affected Versions Apache Airflow Celery provider versions 3.3.0 through 3.4.0 Apache Airflow versions 1.10.0 through 2.6.3 Description The issue is related to the insertion of sensitive information into log files when using certain protocols as the Celery resul...
FreeBSD : py39-celery -- command injection vulnerability (0a38a0d9-757f-4ac3-9561-b439e933dfa9)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0a38a0d9-757f-4ac3-9561-b439e933dfa9 advisory. - This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored i...
SUSE CVE-2021-23727
This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends result stores. When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery...
SUSE CVE-2022-30034
Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes...
Leaktopus - Keep Your Source Code Under Control
Keep your source code under control. Key Features Plug &Play - one line installation with Docker. Scan various sources containing a set of keywords, e.g. ORGANIZATION-NAME.com. Currently supports: GitHub Repositories Gists coming soon Paste sites e.g., PasteBin coming soon Filter results with a...
CVE-2022-31549
The olmax99/helm-flask-celery repository before 2022-05-25 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
CVE-2022-31549
The olmax99/helm-flask-celery repository before 2022-05-25 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...
Flower Denial of Service Vulnerability
Flower is a Web-based, real-time monitoring and management of Celery distributed task queues. A denial of service vulnerability exists in the May 2, 2022 version of Flower and prior versions, which stems from being vulnerable to OAuth authentication bypass. An attacker can use this vulnerability ...
GHSA-Q4QM-XHF9-4P8F Flower OAuth authentication bypass
All versions of Flower, a web UI for the Celery Python RPC framework, as of 05-02-2022 are vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes. A fix was...
apache-airflow-providers-celery (>=2.1.0 <=2.1.0rc2), celery-director (>=0.5.0 <=0.6.0) +4 more potentially affected by CVE-2022-30034 via flower (>=0.9.3 <=1.1.0)
flower PYPI version =0.9.3, =2.1.0, =0.5.0, =0.6.0, =0.2.1a0, =2.10.9 Source cves: CVE-2022-30034 Source advisory: OSV:GHSA-Q4QM-XHF9-4P8F...