5 matches found
acceldata-o2a (=1.0.0), acryl-datahub-airflow-plugin (>=0.8.44.4 <=1.3.1.post1) +129 more potentially affected by CVE-2022-27949 via apache-airflow (>=1.8.2 <=2.2.5)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =0.2.0, =0.11.0 and more Source cves: CVE-2022-27949 Source advisory: OSV:GHSA-FVW2-2PF7-77VW...
acceldata-o2a (=1.0.0), acryl-datahub-airflow-plugin (>=0.8.44.4 <=1.3.1.post1) +129 more potentially affected by CVE-2022-27949 via apache-airflow (>=1.8.2 <=2.2.5)
apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =0.2.0, =0.11.0 and more Source cves: CVE-2022-27949 Source advisory: OSV:PYSEC-2022-42981...
CVE-2022-27949
CVE-2022-27949 affects Apache Airflow (UI) prior to 2.3.1. The issue allows viewing unmasked secrets in rendered template values for tasks that were not executed (e.g., tasks dependent on past/failed instances). Root cause details are not elaborated beyond the vulnerability description in the con...
CVE-2022-27949 Apache Airflow prior to 2.3.1 may include sensitive values in rendered template
A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed for example when they were depending on past and previous instances of the task failed. This issue affects Apache Airflow prior to 2.3.1...
CVE-2022-27949 Apache Airflow prior to 2.3.1 may include sensitive values in rendered template
A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed for example when they were depending on past and previous instances of the task failed. This issue affects Apache Airflow prior to 2.3.1...