8 matches found
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used
Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration. The celery provider is the only community provider...
Apache Airflow security vulnerability
Apache Airflow is an open source platform from the Apache Software Foundation (United States) for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. An information disclosure vulnerability exists in Apache Airflow versions 2.7.0...
GHSA-FPXX-XV4C-GXQP Apache Airflow vulnerable to sensitive information exposure when expose-config is set to non-sensitive-only
Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the expose_config option is set to non-sensitive-only. The expose_config option is False by default. It is recommended to upgrade to a...
CVE-2023-45348
Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "expose_config" option is set to "non-sensitive-only". The expose_config option is False by default. It is recommended to upgrade to a...
PYSEC-2023-204
Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "expose_config" option is set to "non-sensitive-only". The expose_config option is False by default. It is recommended to upgrade to a...
CVE-2023-45348 Apache Airflow: Configuration information leakage vulnerability
Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "expose_config" option is set to "non-sensitive-only". The expose_config option is False by default. It is recommended to upgrade to a...
PT-2023-8626 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions 2.7.0 through 2.7.1 Description: The issue allows an authenticated user to retrieve sensitive configuration information when the expose config option is set to "non-sensitive-only". The expose config option is False by...
PT-2023-25091 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions 2.5.0 through 2.6.1 Description: The issue in Apache Airflow involves the potential exposure of sensitive values to users under certain conditions. This is mitigated by the default configuration not showing sensitive...