14 matches found
CVE-2022-27949
A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed for example when they were depending on past and previous instances of the task failed. This issue affects Apache Airflow prior to 2.3.1...
EUVD-2022-0016
Malicious code in bioql PyPI...
BIT-AIRFLOW-2022-27949 Apache Airflow prior to 2.3.1 may include sensitive values in rendered template
A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed for example when they were depending on past and previous instances of the task failed. This issue affects Apache Airflow prior to 2.3.1...
CVE-2023-40712 Apache Airflow: Secrets can be unmasked in the "Rendered Template"
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. Users are strongly...
Information Disclosure
apacheairflow is vulnerable to information disclosure. The vulnerability is due to getrenderedtemplatefields of taskinstance.py because secrets are rendered in the UI when the task has not executed which allows an attacker to view unmasked secrets in the rendered template values...
CVE-2022-27949
A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed for example when they were depending on past and previous instances of the task failed. This issue affects Apache Airflow prior to 2.3.1...
Code injection
A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed for example when they were depending on past and previous instances of the task failed. This issue affects Apache Airflow prior to 2.3.1...
PYSEC-2022-42981
A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed for example when they were depending on past and previous instances of the task failed. This issue affects Apache Airflow prior to 2.3.1...
PYSEC-2022-42981
A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed for example when they were depending on past and previous instances of the task failed. This issue affects Apache Airflow prior to 2.3.1...
CVE-2022-27949
CVE-2022-27949 affects Apache Airflow (UI) prior to 2.3.1. The issue allows viewing unmasked secrets in rendered template values for tasks that were not executed (e.g., tasks dependent on past/failed instances). Root cause details are not elaborated beyond the vulnerability description in the con...
Apache Airflow 信息泄露漏洞
Apache Airflow is an open source platform for creating, managing and monitoring workflows from the Apache Foundation. The platform is scalable and dynamically monitored, etc. An information disclosure vulnerability exists in versions prior to Apache Airflow 2.3.1, which stems from the application...
PT-2022-18717 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.3.1 Description: A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks that were not executed, such as when tasks were depending on pas...
CVE-2022-27949 Apache Airflow prior to 2.3.1 may include sensitive values in rendered template
A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed for example when they were depending on past and previous instances of the task failed. This issue affects Apache Airflow prior to 2.3.1...
PT-2019-11742 · Jenkins · Jenkins Configuration As Code Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Configuration as Code Plugin versions 1.24 and earlier Jenkins Configuration as Code Plugin versions 0.8-alpha through 1.0 Description: The issue concerns the logging of configuration changes by the Configuration as Code Plugin, where...