GHSA-MG2X-MGGJ-6955 Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service

Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an...

CVE-2023-51702

CVE-2023-51702 describes a vulnerability in Apache Airflow’s CNCF Kubernetes provider where, since version 5.2.0, using deferrable mode with the Kubernetes config file path causes the worker to serialize the file contents into a dictionary and store it in metadata unencrypted. For Airflow version...

CVE-2023-51702 Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service

Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an...

PT-2024-14253 · Airflow · Airflow

Name of the Vulnerable Software and Affected Versions: Airflow versions 5.2.0 through 6.x Airflow versions 2.3.0 through 2.6.0 Description: The Airflow worker serializes a Kubernetes configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption...