5 matches found
aglow (>=0.1.0rc3 <=0.1.0rc4), ai-flow (>=0.1.0 <=0.3.1) +8 more potentially affected by CVE-2024-50378 via apache-airflow (>=1.8.2 <=2.0.2)
apache-airflow PYPI version =1.8.2, =0.1.0rc3, =0.1.0, =2.4.2, =1.7.2, =0.3.12, =11.8.0, =0.0.5, =0.0.6 Source cves: CVE-2024-50378 Source advisory: OSV:GHSA-J857-2PWM-JJMM...
CVE-2024-50378 vulnerabilities
Vulnerabilities for packages: airflow...
CVE-2024-50378 vulnerabilities
Vulnerabilities for packages: airflow...
CVE-2024-50378
creationtimestamp| type| source ---|---|--- 2024-11-08 14:40:10+00:00| seen| https://infosec.exchange/users/cve/statuses/113447849756495688 2024-11-08 17:12:24+00:00| seen| https://t.me/cvedetector/10199...
CVE-2024-50378
This CVE (CVE-2024-50378) affects Apache Airflow versions before 2.10.3. The root cause is that when sensitive variables are set via the Airflow CLI, their values were written to audit logs and stored unencrypted in the Airflow database, making them accessible to authenticated users with audit lo...