3 matches found
CVE-2023-25956
The CVE-2023-25956 issue is a vulnerability in the Apache Airflow AWS Provider (pre-7.2.1) described as a generation of an error message that contains sensitive information, leading to information disclosure. Multiple connected sources corroborate affected versions (
CVE-2026-25604
CVE-2026-25604 affects Apache Airflow with the AWS Auth Manager: the code uses the client-supplied Host header to build the SAML ACS URL, bypassing validation against the configured instance URL. This enables potential cross-instance SAML token reuse and unauthorized access if a malicious Host he...
CVE-2026-42526
The CVE-2026-42526 vulnerability affects apache-airflow-providers-amazon backends for AWS Secrets Manager and SSM Parameter Store prior to 9.28.0. The team-scoping logic could resolve a conn_id containing a slash (for example a_team/conn) to the same path as another team’s secret when the caller ...