18 matches found
EUVD-2023-0016
Malicious code in bioql PyPI...
CVE-2022-46651
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the...
BIT-AIRFLOW-2022-46651 Apache Airflow: Security vulnerability on AirFlow Connections
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the...
BIT-AIRFLOW-2023-37379 Apache Airflow: Exposure of sensitive connection information, DOS and SSRF on "test connection" feature
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests,...
GHSA-X2MH-8FMC-RQGH Apache Airflow denial of service vulnerability
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests,...
Apache Airflow denial of service vulnerability
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests,...
CVE-2023-37379
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests,...
Improper access control
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests,...
CVE-2023-37379
CVE-2023-37379 affects Apache Airflow versions prior to 2.7.0. An authenticated user with Connection edit privileges can access connection information and abuse the test connection feature by sending many requests, causing a DoS condition on the server and enabling potentially harmful connections...
Information Disclosure
apacheairflow is vulnerable to Information Disclosure. A remote authenticated attacker with the ability to update the connection resource is able to gain access to confidential information in theConnection edit view, resulting in disclosure of sensitive information...
Apache Airflow information disclosure vulnerability
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the...
CVE-2022-46651
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the...
Design/Logic Flaw
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the...
PYSEC-2023-103
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the...
PYSEC-2023-103
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the...
CVE-2022-46651 Apache Airflow: Security vulnerability on AirFlow Connections
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the...
CVE-2022-46651
Apache Airflow (versions before 2.6.3) is affected by an information-disclosure vulnerability in the Connection edit view. An unauthorized actor with access to Connection resources could potentially view sensitive data when updating a connection. Remediation: upgrade to Airflow 2.6.3 or later, wh...
CVE-2022-46651 Apache Airflow: Security vulnerability on AirFlow Connections
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the...