Lucene search
K

8 matches found

OSV
OSV
added 2026/06/05 5:40 a.m.9 views

BIT-AIRFLOW-2026-45192 Apache Airflow: Incomplete Redaction of Sensitive Fields in Connection Extra API Response

A bug in the GET /api/v2/connections/connectionid REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connection's extra JSON blob under field names not present in the redaction allowlist DEFAULTSENSITIVEFIELDS —...

6.5CVSS5.5AI score0.0041EPSS
Exploits0References4
PyPA
PyPA
added 2026/06/01 8:16 a.m.12 views

PYSEC-2026-173

A bug in the GET /api/v2/connections/connectionid REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connection's extra JSON blob under field names not present in the redaction allowlist DEFAULTSENSITIVEFIELDS —...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/01 8:16 a.m.17 views

CVE-2026-45192

A bug in the GET /api/v2/connections/connectionid REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connection's extra JSON blob under field names not present in the redaction allowlist DEFAULTSENSITIVEFIELDS —...

6.5CVSS0.0041EPSS
Exploits0References3
OSV
OSV
added 2026/06/01 8:16 a.m.9 views

PYSEC-2026-173

A bug in the GET /api/v2/connections/connectionid REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connection's extra JSON blob under field names not present in the redaction allowlist DEFAULTSENSITIVEFIELDS —...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/01 6:51 a.m.39 views

CVE-2026-45192 Apache Airflow: Incomplete Redaction of Sensitive Fields in Connection Extra API Response

A bug in the GET /api/v2/connections/connectionid REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connection's extra JSON blob under field names not present in the redaction allowlist DEFAULTSENSITIVEFIELDS —...

0.0041EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/01 6:51 a.m.13 views

CVE-2026-45192 Apache Airflow: Incomplete Redaction of Sensitive Fields in Connection Extra API Response

A bug in the GET /api/v2/connections/connectionid REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connection's extra JSON blob under field names not present in the redaction allowlist DEFAULTSENSITIVEFIELDS —...

5.8AI score0.0041EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 6:51 a.m.9 views

CVE-2026-45192

A bug in the GET /api/v2/connections/connectionid REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connection's extra JSON blob under field names not present in the redaction allowlist DEFAULTSENSITIVEFIELDS —...

5.8AI score0.0041EPSS
Exploits0References3
CVE
CVE
added 2026/06/01 6:51 a.m.32 views

CVE-2026-45192

CVE-2026-45192 concerns Apache Airflow where a bug in GET /api/v2/connections/{connection_id} allowed an authenticated UI/API user with Connection-read permission to access secrets stored in a Connection's extra JSON blob that are not included in the redaction allowlist (DEFAULT_SENSITIVE_FIELDS)...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder