5 matches found
abi-ds-utils (=1.0.1), airflow-add-ons (=0.2.9b1) +14 more potentially affected by CVE-2023-51702 via apache-airflow (>=2.3.2 <=2.5.3)
apache-airflow PYPI version =2.3.2, =0.8.2, =0.1.0, =0.1.20, =2.3.0.dev0, =0.0.37, =0.1.0, =0.1.2, =2.4.3, =0.1.0, =0.10.0.1 and more Source cves: CVE-2023-51702 Source advisory: OSV:GHSA-MG2X-MGGJ-6955...
CVE-2023-51702
creationtimestamp| type| source ---|---|--- 2024-01-24 14:26:49+00:00| seen| https://t.me/ctinow/172782 2024-01-26 17:33:00+00:00| published-proof-of-concept| https://t.me/arpsyndicate/3014 2024-02-17 22:56:14+00:00| seen| https://t.me/ctinow/187061...
CVE-2023-51702 Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service
Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an...
CVE-2023-51702
CVE-2023-51702 describes a vulnerability in Apache Airflow’s CNCF Kubernetes provider where, since version 5.2.0, using deferrable mode with the Kubernetes config file path causes the worker to serialize the file contents into a dictionary and store it in metadata unencrypted. For Airflow version...
CVE-2023-51702 Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service
Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an...