Lucene search
K

9 matches found

OSV
OSV
added 2024/04/20 7:16 a.m.27 views

BIT-AIRFLOW-2024-31869 Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used

Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.exposeconfig" configuration The celery provider is the only community provider...

5.3CVSS4.2AI score0.01049EPSS
Exploits0References4
OSV
OSV
added 2024/04/18 9:30 a.m.51 views

GHSA-2522-MRJC-M688 Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used

Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.exposeconfig" configuration The celery provider is the only community provider...

4.3CVSS4.2AI score0.01049EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/04/18 9:30 a.m.44 views

Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used

Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.exposeconfig" configuration The celery provider is the only community provider...

5.3CVSS6.7AI score0.01049EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/03/06 10:52 a.m.29 views

BIT-AIRFLOW-2023-46288 Apache Airflow: Sensitive parameters exposed in API when "non-sensitive-only" configuration is set

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configurati...

4.3CVSS4.2AI score0.01416EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2023/10/23 9:30 p.m.8 views

abi-ds-utils (=1.0.1), acryl-datahub-airflow-plugin (>=0.10.5.2rc3 <=0.11.0rc1) +13 more potentially affected by CVE-2023-46288 via apache-airflow (>=2.4.0 <=2.7.1)

apache-airflow PYPI version =2.4.0, =0.10.5.2rc3, =0.9.0, =0.1.20, =2.3.0.dev0, =0.0.37, =0.1.0, =0.1.2, =2.4.3, =0.2.0, =0.2.1 Source cves: CVE-2023-46288 Source advisory: OSV:GHSA-9QQG-MH7C-CHFQ...

4.3CVSS5.8AI score0.01416EPSS
Exploits0
NVD
NVD
added 2023/10/23 7:15 p.m.32 views

CVE-2023-46288

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configurati...

4.3CVSS4.3AI score0.01416EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2023/10/23 7:15 p.m.4 views

abi-ds-utils (=1.0.1), acryl-datahub-airflow-plugin (>=0.10.5.2rc3 <=0.11.0rc1) +12 more potentially affected by CVE-2023-46288 via apache-airflow (>=2.4.0 <=2.6.3)

apache-airflow PYPI version =2.4.0, =0.10.5.2rc3, =0.9.0, =0.1.20, =2.3.0.dev0, =0.0.37, =0.1.0, =0.1.2, =2.4.3, =0.2.0, =0.2.1 Source cves: CVE-2023-46288 Source advisory: OSV:PYSEC-2023-218...

4.3CVSS5.8AI score0.01416EPSS
Exploits0
CVE
CVE
added 2023/10/23 6:13 p.m.109 views

CVE-2023-46288

CVE-2023-46288 affects Apache Airflow (versions 2.4.0–2.7.0) where sensitive configuration data could be read by authenticated users via the REST API when expose_config allows non-sensitive values. The issue is due to configuration exposure even when expose_config is set to non-sensitive-only; ve...

4.3CVSS4.2AI score0.01416EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/10/23 6:13 p.m.28 views

CVE-2023-46288 Apache Airflow: Sensitive parameters exposed in API when "non-sensitive-only" configuration is set

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configurati...

4.6AI score0.01416EPSS
Exploits0References3
Rows per page
Query Builder