Lucene search

Veracode Vulnerability DatabaseVERACODE:44001

HistoryOct 26, 2023 - 7:10 a.m.

Information Disclosure

2023-10-2607:10:11

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

apache airflow

information disclosure

vulnerability

config endpoint

authenticated attacker

rest api

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

18.6%

JSON

apache-airflow is vulnerable to Information Disclosure. The vulnerability is found in the config_endpoint.py due to the fact that conf.getboolean("webserver", "expose_config") handles only the boolean cases and does not properly handle the case of non-sensitive-only. This oversight enables an authenticated attacker to read configuration values through the Airflow REST API by sending a maliciously crafted request.

CPENameOperatorVersion
apache-airflowle2.7.2rc1
apache-airflowle2.7.2rc1

CPE	Name	Operator	Version
	apache-airflow	le	2.7.2rc1
	apache-airflow	le	2.7.2rc1

References

www.openwall.com/lists/oss-security/2024/04/17/10

github.com/advisories/GHSA-9qqg-mh7c-chfq

github.com/apache/airflow/commit/7cd0748c6017abf8f0da241f0fa86488f32d5e95

github.com/apache/airflow/pull/32261

lists.apache.org/thread/yw4vzm0c5lqkwm0bxv6qy03yfd1od4nw

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

18.6%

JSON

Related for VERACODE:44001