10 matches found
EUVD-2023-0025
Malicious code in bioql PyPI...
BIT-AIRFLOW-2023-46288 Apache Airflow: Sensitive parameters exposed in API when "non-sensitive-only" configuration is set
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configurati...
BIT-2023-46288
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0.Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configuratio...
Apache Airflow vulnerable to Exposure of Sensitive Information
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for...
Default configuration
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configurati...
CVE-2023-46288 Apache Airflow: Sensitive parameters exposed in API when "non-sensitive-only" configuration is set
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configurati...
armada-airflow (=0.5.4), jefferson-street-composer (>=1.2.0 <=1.7.1) potentially affected by CVE-2023-45348 via apache-airflow (=2.7.1)
apache-airflow PYPI version =2.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on apache-airflow and may be impacted: - armada-airflow =0.5.4 - jefferson-street-composer =1.2.0, =1.7.1 Source cves: CVE-2023-45348 Source advisory: OSV:GHSA-FPXX-XV4C-GX...
armada-airflow (=0.5.4), jefferson-street-composer (>=1.2.0 <=1.7.1) potentially affected by CVE-2023-45348 via apache-airflow (=2.7.1)
apache-airflow PYPI version =2.7.1 is affected by a known vulnerability. The following packages have a transitive dependency on apache-airflow and may be impacted: - armada-airflow =0.5.4 - jefferson-street-composer =1.2.0, =1.7.1 Source cves: CVE-2023-45348 Source advisory: OSV:PYSEC-2023-204...
CVE-2023-45348
CVE-2023-45348 affects Apache Airflow (versions 2.7.0 and 2.7.1). The issue is an information leakage where an authenticated user can retrieve sensitive configuration data when the expose_config option is set to non-sensitive-only (default is False). The vulnerability specifically concerns access...
CVE-2023-45348 Apache Airflow: Configuration information leakage vulnerability
Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "exposeconfig" option is set to "non-sensitive-only". The exposeconfig option is False by default. It is recommended to upgrade to a...