7 matches found
CVE-2026-48892
The Config API in Apache Airflow surfaced per-key secrets-backend overrides environment variables like AIRFLOWSECRETSBACKENDKWARGSECRETID and AIRFLOWWORKERSSECRETSBACKENDKWARGSECRETID as synthetic config options whose option names were not in sensitiveconfigvalues, so the masker did not redact...
CVE-2026-48892
CVE-2026-48892 : Apache Airflow's Config API leaks per-key secrets-backend overrides via environment variables (e.g., AIRFLOW__SECRETS__BACKEND_KWARG__SECRET_ID, AIRFLOW__WORKERS__SECRETS_BACKEND_KWARG__SECRET_ID) that are not in sensitive_config_values, allowing an authenticated UI/API user with...
CVE-2026-48892
The Config API in Apache Airflow surfaced per-key secrets-backend overrides environment variables like AIRFLOWSECRETSBACKENDKWARGSECRETID and AIRFLOWWORKERSSECRETSBACKENDKWARGSECRETID as synthetic config options whose option names were not in sensitiveconfigvalues, so the masker did not redact...
CVE-2026-48892 Apache Airflow: Config API leaks per-key secrets backend kwargs - masker bypass on synthetic options
The Config API in Apache Airflow surfaced per-key secrets-backend overrides environment variables like AIRFLOWSECRETSBACKENDKWARGSECRETID and AIRFLOWWORKERSSECRETSBACKENDKWARGSECRETID as synthetic config options whose option names were not in sensitiveconfigvalues, so the masker did not redact...
sr-npm (=1.7.308) potentially affected by unknown CVE via wix-secrets-backend (=0.0.1-security)
wix-secrets-backend NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on wix-secrets-backend and may be impacted: - sr-npm =1.7.308 Source cves: unknown CVE Source advisory: OSV:MAL-2025-39369...
Malicious code in wix-secrets-backend (npm)
The package wix-secrets-backend was found to contain malicious code...
MAL-2025-39369 Malicious code in wix-secrets-backend (npm)
The package wix-secrets-backend was found to contain malicious code...