9 matches found
BIT-AIRFLOW-2024-31869 Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used
Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.exposeconfig" configuration The celery provider is the only community provider...
GHSA-2522-MRJC-M688 Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used
Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.exposeconfig" configuration The celery provider is the only community provider...
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used
Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.exposeconfig" configuration The celery provider is the only community provider...
BIT-AIRFLOW-2023-46288 Apache Airflow: Sensitive parameters exposed in API when "non-sensitive-only" configuration is set
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configurati...
abi-ds-utils (=1.0.1), acryl-datahub-airflow-plugin (>=0.10.5.2rc3 <=0.11.0rc1) +13 more potentially affected by CVE-2023-46288 via apache-airflow (>=2.4.0 <=2.7.1)
apache-airflow PYPI version =2.4.0, =0.10.5.2rc3, =0.9.0, =0.1.20, =2.3.0.dev0, =0.0.37, =0.1.0, =0.1.2, =2.4.3, =0.2.0, =0.2.1 Source cves: CVE-2023-46288 Source advisory: OSV:GHSA-9QQG-MH7C-CHFQ...
CVE-2023-46288
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configurati...
abi-ds-utils (=1.0.1), acryl-datahub-airflow-plugin (>=0.10.5.2rc3 <=0.11.0rc1) +12 more potentially affected by CVE-2023-46288 via apache-airflow (>=2.4.0 <=2.6.3)
apache-airflow PYPI version =2.4.0, =0.10.5.2rc3, =0.9.0, =0.1.20, =2.3.0.dev0, =0.0.37, =0.1.0, =0.1.2, =2.4.3, =0.2.0, =0.2.1 Source cves: CVE-2023-46288 Source advisory: OSV:PYSEC-2023-218...
CVE-2023-46288
CVE-2023-46288 affects Apache Airflow (versions 2.4.0–2.7.0) where sensitive configuration data could be read by authenticated users via the REST API when expose_config allows non-sensitive values. The issue is due to configuration exposure even when expose_config is set to non-sensitive-only; ve...
CVE-2023-46288 Apache Airflow: Sensitive parameters exposed in API when "non-sensitive-only" configuration is set
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configurati...