Lucene search
K

14 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:49 a.m.8 views

CVE-2022-27949

A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed for example when they were depending on past and previous instances of the task failed. This issue affects Apache Airflow prior to 2.3.1...

7.5CVSS6.7AI score0.0168EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-0016

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.0168EPSS
Exploits0References10
OSV
OSV
added 2024/03/06 10:58 a.m.15 views

BIT-AIRFLOW-2022-27949 Apache Airflow prior to 2.3.1 may include sensitive values in rendered template

A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed for example when they were depending on past and previous instances of the task failed. This issue affects Apache Airflow prior to 2.3.1...

7.5CVSS7.3AI score0.0168EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/09/12 11:5 a.m.18 views

CVE-2023-40712 Apache Airflow: Secrets can be unmasked in the "Rendered Template"

Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. Users are strongly...

6.6AI score0.01476EPSS
Exploits0References3
Veracode
Veracode
added 2022/11/15 11:49 a.m.24 views

Information Disclosure

apacheairflow is vulnerable to information disclosure. The vulnerability is due to getrenderedtemplatefields of taskinstance.py because secrets are rendered in the UI when the task has not executed which allows an attacker to view unmasked secrets in the rendered template values...

7.5CVSS6.9AI score0.0168EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2022/11/14 10:15 a.m.33 views

CVE-2022-27949

A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed for example when they were depending on past and previous instances of the task failed. This issue affects Apache Airflow prior to 2.3.1...

7.5CVSS0.0168EPSS
Exploits0References3
Prion
Prion
added 2022/11/14 10:15 a.m.19 views

Code injection

A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed for example when they were depending on past and previous instances of the task failed. This issue affects Apache Airflow prior to 2.3.1...

5CVSS7.4AI score0.0168EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2022/11/14 10:15 a.m.7 views

PYSEC-2022-42981

A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed for example when they were depending on past and previous instances of the task failed. This issue affects Apache Airflow prior to 2.3.1...

7.5CVSS6.9AI score0.0168EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/11/14 10:15 a.m.31 views

PYSEC-2022-42981

A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed for example when they were depending on past and previous instances of the task failed. This issue affects Apache Airflow prior to 2.3.1...

7.5CVSS6.7AI score0.0168EPSS
Exploits0References7
CVE
CVE
added 2022/11/14 12:0 a.m.108 views

CVE-2022-27949

CVE-2022-27949 affects Apache Airflow (UI) prior to 2.3.1. The issue allows viewing unmasked secrets in rendered template values for tasks that were not executed (e.g., tasks dependent on past/failed instances). Root cause details are not elaborated beyond the vulnerability description in the con...

7.5CVSS7.4AI score0.0168EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2022/11/14 12:0 a.m.4 views

Apache Airflow 信息泄露漏洞

Apache Airflow is an open source platform for creating, managing and monitoring workflows from the Apache Foundation. The platform is scalable and dynamically monitored, etc. An information disclosure vulnerability exists in versions prior to Apache Airflow 2.3.1, which stems from the application...

7.5CVSS6.1AI score0.0168EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.4 views

PT-2022-18717 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.3.1 Description: A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks that were not executed, such as when tasks were depending on pas...

8.7CVSS7.2AI score0.0168EPSS
Exploits0References15
OSV
OSV
added 2022/11/14 12:0 a.m.19 views

CVE-2022-27949 Apache Airflow prior to 2.3.1 may include sensitive values in rendered template

A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed for example when they were depending on past and previous instances of the task failed. This issue affects Apache Airflow prior to 2.3.1...

7.5CVSS7.1AI score0.0168EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2019/07/31 12:0 a.m.3 views

PT-2019-11742 · Jenkins · Jenkins Configuration As Code Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Configuration as Code Plugin versions 1.24 and earlier Jenkins Configuration as Code Plugin versions 0.8-alpha through 1.0 Description: The issue concerns the logging of configuration changes by the Configuration as Code Plugin, where...

5.5CVSS4.2AI score0.00368EPSS
Exploits0References6
Rows per page
Query Builder