Lucene search
+L

5 matches found

vulnersOsv
vulnersOsv
added 2024/01/24 3:30 p.m.7 views

abi-ds-utils (=1.0.1), airflow-add-ons (=0.2.9b1) +14 more potentially affected by CVE-2023-51702 via apache-airflow (>=2.3.2 <=2.5.3)

apache-airflow PYPI version =2.3.2, =0.8.2, =0.1.0, =0.1.20, =2.3.0.dev0, =0.0.37, =0.1.0, =0.1.2, =2.4.3, =0.1.0, =0.10.0.1 and more Source cves: CVE-2023-51702 Source advisory: OSV:GHSA-MG2X-MGGJ-6955...

6.5CVSS6.5AI score0.00381EPSS
Exploits0
Circl
Circl
added 2024/01/24 2:26 p.m.6 views

CVE-2023-51702

creationtimestamp| type| source ---|---|--- 2024-01-24 14:26:49+00:00| seen| https://t.me/ctinow/172782 2024-01-26 17:33:00+00:00| published-proof-of-concept| https://t.me/arpsyndicate/3014 2024-02-17 22:56:14+00:00| seen| https://t.me/ctinow/187061...

6.5CVSS6.3AI score0.00381EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/01/24 12:56 p.m.49 views

CVE-2023-51702 Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service

Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an...

6.5AI score0.00381EPSS
Exploits0References5
CVE
CVE
added 2024/01/24 12:56 p.m.64 views

CVE-2023-51702

CVE-2023-51702 describes a vulnerability in Apache Airflow’s CNCF Kubernetes provider where, since version 5.2.0, using deferrable mode with the Kubernetes config file path causes the worker to serialize the file contents into a dictionary and store it in metadata unencrypted. For Airflow version...

6.5CVSS6.2AI score0.00381EPSS
Exploits0References5Affected Software2
OSV
OSV
added 2024/01/24 12:56 p.m.21 views

CVE-2023-51702 Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service

Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an...

6.5CVSS6.5AI score0.00381EPSS
Exploits0References8
Rows per page
Query Builder