Airflow@2.3.0 Security Vulnerabilities and Issues — Airflow@2.3.0 CVE List

Lucene search

ApacheAirflow2.3.0

3 matches found

CVE•added 2022/09/21 8:15 a.m.•69 views

CVE-2022-40604

In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.

7.5CVSS7.4AI score0.00562EPSS

CVE•added 2022/09/21 8:15 a.m.•64 views

CVE-2022-40754

In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's /confirm endpoint.

6.1CVSS6.1AI score0.02065EPSS

CVE•added 2024/01/24 1:15 p.m.•44 views

CVE-2023-51702

Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an Ai...

6.5CVSS6.2AI score0.00058EPSS