9 matches found
CVE-2024-31869
The CVE affects Apache Airflow 2.7.0–2.8.4, where an authenticated user can view sensitive provider configuration on the configuration UI if webserver.expose_config is set to non-sensitive-only; the Celery provider is noted as having sensitive configurations. Impact is information disclosure via ...
BIT-AIRFLOW-2023-45348 Apache Airflow: Configuration information leakage vulnerability
Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "exposeconfig" option is set to "non-sensitive-only". The exposeconfig option is False by default. It is recommended to upgrade to a...
CVE-2023-45348
Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "exposeconfig" option is set to "non-sensitive-only". The exposeconfig option is False by default. It is recommended to upgrade to a...
CVE-2023-45348
Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "exposeconfig" option is set to "non-sensitive-only". The exposeconfig option is False by default. It is recommended to upgrade to a...
PYSEC-2023-204
Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "exposeconfig" option is set to "non-sensitive-only". The exposeconfig option is False by default. It is recommended to upgrade to a...
PYSEC-2023-204
Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "exposeconfig" option is set to "non-sensitive-only". The exposeconfig option is False by default.It is recommended to upgrade to a...
CVE-2023-45348 Apache Airflow: Configuration information leakage vulnerability
Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "exposeconfig" option is set to "non-sensitive-only". The exposeconfig option is False by default. It is recommended to upgrade to a...
Apache Airflow 信息泄露漏洞
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. An information disclosure vulnerability exists in Apache Airflow version 2.7.0 and...
PYSEC-2021-2
Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when webserver exposeconfig is set to False in airflow.cfg. This allowed a privilege escalation attack...