Lucene search
K

10 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-0025

Malicious code in bioql PyPI...

4.3CVSS4.7AI score0.01416EPSS
Exploits0References8
OSV
OSV
added 2024/03/06 10:52 a.m.29 views

BIT-AIRFLOW-2023-46288 Apache Airflow: Sensitive parameters exposed in API when "non-sensitive-only" configuration is set

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configurati...

4.3CVSS4.2AI score0.01416EPSS
Exploits0References4
OSV
OSV
added 2023/10/29 7:16 a.m.105 views

BIT-2023-46288

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0.Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configuratio...

4.3CVSS6.4AI score0.01416EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2023/10/23 9:30 p.m.47 views

Apache Airflow vulnerable to Exposure of Sensitive Information

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for...

4.3CVSS6.4AI score0.01416EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2023/10/23 7:15 p.m.30 views

Default configuration

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configurati...

4CVSS4.2AI score0.01416EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/10/23 6:13 p.m.31 views

CVE-2023-46288 Apache Airflow: Sensitive parameters exposed in API when "non-sensitive-only" configuration is set

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configurati...

4.3CVSS5.9AI score0.01416EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2023/10/14 12:30 p.m.6 views

armada-airflow (=0.5.4), jefferson-street-composer (>=1.2.0 <=1.7.1) potentially affected by CVE-2023-45348 via apache-airflow (=2.7.1)

apache-airflow PYPI version =2.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on apache-airflow and may be impacted: - armada-airflow =0.5.4 - jefferson-street-composer =1.2.0, =1.7.1 Source cves: CVE-2023-45348 Source advisory: OSV:GHSA-FPXX-XV4C-GX...

4.3CVSS5.8AI score0.01232EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/10/14 10:15 a.m.5 views

armada-airflow (=0.5.4), jefferson-street-composer (>=1.2.0 <=1.7.1) potentially affected by CVE-2023-45348 via apache-airflow (=2.7.1)

apache-airflow PYPI version =2.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on apache-airflow and may be impacted: - armada-airflow =0.5.4 - jefferson-street-composer =1.2.0, =1.7.1 Source cves: CVE-2023-45348 Source advisory: OSV:PYSEC-2023-204...

4.3CVSS5.8AI score0.01232EPSS
Exploits0
CVE
CVE
added 2023/10/14 9:46 a.m.147 views

CVE-2023-45348

CVE-2023-45348 affects Apache Airflow (versions 2.7.0 and 2.7.1). The issue is an information leakage where an authenticated user can retrieve sensitive configuration data when the expose_config option is set to non-sensitive-only (default is False). The vulnerability specifically concerns access...

4.3CVSS4.2AI score0.01232EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/10/14 9:46 a.m.30 views

CVE-2023-45348 Apache Airflow: Configuration information leakage vulnerability

Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "exposeconfig" option is set to "non-sensitive-only". The exposeconfig option is False by default. It is recommended to upgrade to a...

4.3CVSS5.9AI score0.01232EPSS
Exploits0References6
Rows per page
Query Builder