EUVD-2023-1930

Malicious code in bioql PyPI...

Cleartext Storage Of Sensitive Information

apache-airflow & apache-airflow-providers-cncf-kubernetes are vulnerable to Cleartext Storage Of Sensitive Information. The vulnerability is due to the storage of configuration files without encryption, and plaintext logging of configuration details, allowing an attacker to access the kubernetes...

GHSA-2RX4-9F5H-9GJF Apache Airflow CNCF Kubernetes Provider: KubernetesPodOperator RCE via connection configuration

Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. In order to exploit this weakness, a user would already need elevated permissions Op or Admin to change the connection object in this...

Apache Airflow CNCF Kubernetes Provider: KubernetesPodOperator RCE via connection configuration

Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. In order to exploit this weakness, a user would already need elevated permissions Op or Admin to change the connection object in this...

CVE-2023-33234

Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. In order to exploit this weakness, a user would already need elevated permissions Op or Admin to change the connection object in this...

Code injection

Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. In order to exploit this weakness, a user would already need elevated permissions Op or Admin to change the connection object in this...

CVE-2023-33234 Apache Airflow CNCF Kubernetes Provider: KubernetesPodOperator RCE via connection configuration

Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. In order to exploit this weakness, a user would already need elevated permissions Op or Admin to change the connection object in this...

CVE-2023-33234 Apache Airflow CNCF Kubernetes Provider: KubernetesPodOperator RCE via connection configuration

Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. In order to exploit this weakness, a user would already need elevated permissions Op or Admin to change the connection object in this...