CVSS3: 4.3 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | LOW |
Integrity Impact | NONE |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS: 0.0005 Low (Percentile: 18.8%)

Apache Airflow is vulnerable to information disclosure. The `sensitive_config_values` function in `configuration.py` does not correctly identify sensitive configuration options because it relies on case-sensitive matching. An attacker can retrieve sensitive data by exploiting case mismatches, especially when the "expose_config" option is set to "non-sensitive-only".
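
The bug class described above, shown as an added illustration that is not Apache Airflow source code: a redaction filter that compares option names with exact case, next to one that folds case first, plus a check that reports any sensitive option left unmasked. The function names, the `SENSITIVE` set and the sample values are constructed for this example.

```python
# Added illustration; not Apache Airflow code. All names here are hypothetical.
SENSITIVE = {("database", "sql_alchemy_conn"), ("core", "fernet_key")}
MASK = "< hidden >"

# Constructed sample configuration; one option name differs only in case.
SAMPLE = {
    ("database", "SQL_ALCHEMY_CONN"): "postgresql://user:example@db/airflow",
    ("core", "fernet_key"): "constructed-sample-key",
    ("webserver", "base_url"): "http://localhost:8080",
}


def _fold(name):
    """Normalize a (section, option) pair for case-insensitive comparison."""
    section, option = name
    return section.casefold(), option.casefold()


def redact_case_sensitive(config):
    """Flawed filter: exact-case membership test against the sensitive set."""
    return {n: MASK if n in SENSITIVE else v for n, v in config.items()}


def redact_normalized(config):
    """Hardened filter: fold case on both sides before comparing."""
    folded = {_fold(n) for n in SENSITIVE}
    return {n: MASK if _fold(n) in folded else v for n, v in config.items()}


def leaked(redacted):
    """Regression check: sensitive options (by folded name) left unmasked."""
    folded = {_fold(n) for n in SENSITIVE}
    return sorted(
        n for n, v in redacted.items() if _fold(n) in folded and v != MASK
    )


if __name__ == "__main__":
    print("case-sensitive filter leaks:", leaked(redact_case_sensitive(SAMPLE)))
    print("normalized filter leaks:   ", leaked(redact_normalized(SAMPLE)))
```

A check like `leaked` can be run against whatever a configuration view returns to confirm that no sensitive option passes through under a different casing.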

CPE

Name | Operator | Version |
---|---|---|
apache-airflow | le | 2.7.2rc1 |