Lucene search
K

16 matches found

NVD
NVD
added 2026/07/07 10:16 a.m.11 views

CVE-2026-49487

In Apache Airflow before 3.3.0, the REST API task-instance detail and list endpoints returned a deferred task's trigger kwargs without masking. When a deferred operator passed a secret for example a provider API key into its trigger, any authenticated user with DAG-scoped task-instance read acces...

6.5CVSS0.00664EPSS
Exploits0References3
NVD
NVD
added 2026/06/29 6:16 p.m.11 views

CVE-2026-56783

Parseable before 2.9.2 contains an information disclosure vulnerability in the notification-target API endpoints that returns webhook tokens and basic-auth credentials in cleartext due to commented-out secret-masking functionality. Any authenticated user with the GetAlert action, including...

7.1CVSS0.00264EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/29 5:16 p.m.5 views

CVE-2026-56783

Parseable before 2.9.2 contains an information disclosure vulnerability in the notification-target API endpoints that returns webhook tokens and basic-auth credentials in cleartext due to commented-out secret-masking functionality. Any authenticated user with the GetAlert action, including...

7.1CVSS5.8AI score0.00264EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/29 5:16 p.m.7 views

EUVD-2026-40159

Parseable before 2.9.2 contains an information disclosure vulnerability in the notification-target API endpoints that returns webhook tokens and basic-auth credentials in cleartext due to commented-out secret-masking functionality. Any authenticated user with the GetAlert action, including...

7.1CVSS5.8AI score0.00264EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.11 views

CVE-2026-42360

A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...

6.5CVSS5.4AI score0.00335EPSS
Exploits0References1
OSV
OSV
added 2026/06/01 7:50 a.m.3 views

CVE-2026-42360 Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking

A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...

6.5CVSS6AI score0.00335EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/15 3:31 p.m.6 views

Apache Airlfow: Sensitive Azure Service Bus connection string (and possibly other providers) exposed to users with view access

The accesskey and connectionstring connection properties were not marked as sensitive names in secrets masker. This means that user with read permission could see the values in Connection UI, as well as when Connection was accidently logged to logs, those values could be seen in the logs. Azure...

6.5CVSS5.8AI score0.00552EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/16 10:6 a.m.6 views

CVE-2025-68438

In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed core maxtemplatedfieldlength, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include...

7.5CVSS5.3AI score0.00586EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/01/16 10:6 a.m.5 views

CVE-2025-68438 Apache Airflow: Secrets in rendered templates could contain parts of sensitive values when truncated

In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed core maxtemplatedfieldlength, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include...

7.5CVSS7.1AI score0.00586EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-2983

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00881EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-2158

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00577EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/05/23 9:12 a.m.5 views

CVE-2024-35189

Fides is an open-source privacy engineering platform. The Fides webserver has a number of endpoints that retrieve ConnectionConfiguration records and their associated secrets which can contain sensitive data e.g. passwords, private keys, etc.. These secrets are stored encrypted at rest in the...

6.5CVSS6.7AI score0.00577EPSS
Exploits1References1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2021/05/06 11:59 p.m.4 views

Vault GitHub Action Did Not Correctly Mask Multi-Line Secrets In Output

Summary The Vault GitHub Action, vault-action or vault-secrets “vault-action”, did not correctly mask multi-line secrets in its output. This vulnerability, CVE-2021-32074, was fixed in vault-action 2.2.0. Background The Vault GitHub Action, vault-action...

7.5CVSS7AI score0.0188EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2020/07/27 1:50 p.m.6 views

jenkins-credentials-binding-plugin: improper masking of secrets

Jenkins Credentials Binding Plugin 1.22 and earlier does not mask i.e., replace with asterisks secrets containing a $ character in some circumstances...

4.3CVSS6AI score0.00881EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2020/05/06 12:0 a.m.5 views

PT-2020-15395 · Jenkins · Jenkins Credentials Binding Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Credentials Binding Plugin versions 1.22 and earlier Description: The issue concerns the masking of secrets in the Jenkins Credentials Binding Plugin. Secrets containing a $ character are not properly masked in certain circumstances,...

4.3CVSS5.1AI score0.00881EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2019/07/31 12:0 a.m.3 views

PT-2019-11742 · Jenkins · Jenkins Configuration As Code Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Configuration as Code Plugin versions 1.24 and earlier Jenkins Configuration as Code Plugin versions 0.8-alpha through 1.0 Description: The issue concerns the logging of configuration changes by the Configuration as Code Plugin, where...

5.5CVSS4.2AI score0.00368EPSS
Exploits0References6
Rows per page
Query Builder