Lucene search
K

186 matches found

OSV
OSV
added 2023/11/21 11:50 p.m.20 views

GHSA-QF3C-RW9F-JH7V Clear Text Credentials Exposed via Onboarding Task

Impact When credentials are provided while creating an OnboardingTask they may be visible via the Job Results view under the Additional Data tab as args for the Celery Task execution. This only applies to OnboardingTasks that are created with credentials specified while on v2.0.0-2.0.2 of Nautobo...

5.7CVSS6.5AI score0.00414EPSS
Exploits0References4
Veracode
Veracode
added 2023/10/30 5:27 a.m.13 views

Information Disclosure

apacheairflowproviderscelery is vulnerable to Information Disclosure. An attacker is able to exploit this vulnerability by tricking a user into running an Airflow job that contains a malicious Celery task. The malicious task would then insert sensitive information into the Airflow logs as clear...

7.5CVSS6.5AI score0.01203EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/10/28 9:30 a.m.26 views

GHSA-666G-RFC5-C9JV Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability

Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not...

7.5CVSS7.3AI score0.01203EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2023/10/28 9:30 a.m.31 views

Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability

Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not...

7.5CVSS7.3AI score0.01203EPSS
Exploits0References5Affected Software2
NVD
NVD
added 2023/10/28 8:15 a.m.26 views

CVE-2023-46215

Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not...

7.5CVSS7.3AI score0.01203EPSS
Exploits0References3
Prion
Prion
added 2023/10/28 8:15 a.m.20 views

Design/Logic Flaw

Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not...

5CVSS7.4AI score0.01203EPSS
Exploits0References3Affected Software2
Vulnrichment
Vulnrichment
added 2023/10/28 7:10 a.m.16 views

CVE-2023-46215 Apache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend

Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not...

7.3AI score0.01203EPSS
Exploits0References3
OSV
OSV
added 2023/10/28 7:10 a.m.24 views

CVE-2023-46215 Apache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend

Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not...

7.5CVSS7AI score0.01203EPSS
Exploits0References6
CVE
CVE
added 2023/10/28 7:10 a.m.118 views

CVE-2023-46215

CVE-2023-46215 affects Apache Airflow and its Celery provider. The issue is that sensitive information is logged in clear text when using rediss, amqp, or rpc protocols as the Celery result backend. Affected versions: Airflow Celery provider 3.3.0–3.4.0 and Apache Airflow 1.10.0–2.6.3. Impact is ...

7.5CVSS7.3AI score0.01203EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2023/10/28 7:10 a.m.26 views

CVE-2023-46215 Apache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend

Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not...

7.5AI score0.01203EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/10/28 12:0 a.m.4 views

PT-2023-8383

Name of the Vulnerable Software and Affected Versions Apache Airflow Celery provider versions 3.3.0 through 3.4.0 Apache Airflow versions 1.10.0 through 2.6.3 Description The issue is related to the insertion of sensitive information into log files when using certain protocols as the Celery resul...

7.8CVSS7.1AI score0.01203EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2023/04/14 12:0 a.m.42 views

FreeBSD : py39-celery -- command injection vulnerability (0a38a0d9-757f-4ac3-9561-b439e933dfa9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0a38a0d9-757f-4ac3-9561-b439e933dfa9 advisory. - This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored i...

7.5CVSS7.6AI score0.03877EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:45 a.m.4 views

SUSE CVE-2021-23727

This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends result stores. When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery...

7.5CVSS7.9AI score0.03877EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:26 a.m.4 views

SUSE CVE-2022-30034

Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes...

8.6CVSS8.8AI score0.01339EPSS
Exploits1References3
Kitploit
Kitploit
added 2023/02/10 11:30 a.m.57 views

Leaktopus - Keep Your Source Code Under Control

Keep your source code under control. Key Features Plug &Play - one line installation with Docker. Scan various sources containing a set of keywords, e.g. ORGANIZATION-NAME.com. Currently supports: GitHub Repositories Gists coming soon Paste sites e.g., PasteBin coming soon Filter results with a...

7.4AI score
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/07/11 1:15 a.m.3 views

CVE-2022-31549

The olmax99/helm-flask-celery repository before 2022-05-25 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS5.3AI score0.01398EPSS
Exploits1References3
NVD
NVD
added 2022/07/11 1:15 a.m.12 views

CVE-2022-31549

The olmax99/helm-flask-celery repository before 2022-05-25 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS0.01398EPSS
Exploits1References2
CNVD
CNVD
added 2022/06/09 12:0 a.m.21 views

Flower Denial of Service Vulnerability

Flower is a Web-based, real-time monitoring and management of Celery distributed task queues. A denial of service vulnerability exists in the May 2, 2022 version of Flower and prior versions, which stems from being vulnerable to OAuth authentication bypass. An attacker can use this vulnerability ...

8.6CVSS8.4AI score0.01339EPSS
Exploits1References1
OSV
OSV
added 2022/06/03 12:1 a.m.85 views

GHSA-Q4QM-XHF9-4P8F Flower OAuth authentication bypass

All versions of Flower, a web UI for the Celery Python RPC framework, as of 05-02-2022 are vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes. A fix was...

8.8CVSS8.6AI score0.01339EPSS
Exploits1References7
vulnersOsv
vulnersOsv
added 2022/06/03 12:1 a.m.6 views

apache-airflow-providers-celery (>=2.1.0 <=2.1.0rc2), celery-director (>=0.5.0 <=0.6.0) +4 more potentially affected by CVE-2022-30034 via flower (>=0.9.3 <=1.1.0)

flower PYPI version =0.9.3, =2.1.0, =0.5.0, =0.6.0, =0.2.1a0, =2.10.9 Source cves: CVE-2022-30034 Source advisory: OSV:GHSA-Q4QM-XHF9-4P8F...

8.6CVSS7.2AI score0.01339EPSS
Exploits1
Rows per page
Query Builder