Lucene search
+L

5 matches found

OSV
OSV
added 2026/07/07 11:45 a.m.4 views

PYSEC-2026-1144 Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service

Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an...

6.5CVSS6.5AI score0.00381EPSS
Exploits0References9
OSV
OSV
added 2024/01/24 3:30 p.m.46 views

GHSA-MG2X-MGGJ-6955 Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service

Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an...

6.5CVSS6.2AI score0.00381EPSS
Exploits0References7
Cvelist
Cvelist
added 2024/01/24 12:56 p.m.49 views

CVE-2023-51702 Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service

Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an...

6.5AI score0.00381EPSS
Exploits0References5
CVE
CVE
added 2024/01/24 12:56 p.m.66 views

CVE-2023-51702

CVE-2023-51702 describes a vulnerability in Apache Airflow’s CNCF Kubernetes provider where, since version 5.2.0, using deferrable mode with the Kubernetes config file path causes the worker to serialize the file contents into a dictionary and store it in metadata unencrypted. For Airflow version...

6.5CVSS6.2AI score0.00381EPSS
Exploits0References5Affected Software2
Positive Technologies
Positive Technologies
added 2024/01/24 12:0 a.m.9 views

PT-2024-14253

Name of the Vulnerable Software and Affected Versions Airflow versions 5.2.0 through 6.x Airflow versions 2.3.0 through 2.6.0 Description The Airflow worker serializes a Kubernetes configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption wh...

6.5CVSS6.6AI score0.00381EPSS
Exploits0References22
Rows per page
Query Builder