Veracode Vulnerability DatabaseVERACODE:45174Cleartext Storage Of Sensitive Information
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
45.9%
apache-airflow & apache-airflow-providers-cncf-kubernetes are vulnerable to Cleartext Storage Of Sensitive Information. The vulnerability is due to the storage of configuration files without encryption, and plaintext logging of configuration details, allowing an attacker to access the kubernetes cluster if they gain access to the log file.
References
www.openwall.com/lists/oss-security/2024/01/24/3
github.com/apache/airflow/commit/274d9c3508179ae8b0f705d9787e8200be7718e1
github.com/apache/airflow/commit/4314571c31bc91274b7566bec49b15815b824c17
github.com/apache/airflow/commit/b5296b74361bfe2449033eca5f732c4a4377f6bb
github.com/apache/airflow/pull/29498
github.com/apache/airflow/pull/30110
github.com/apache/airflow/pull/36492
lists.apache.org/thread/89x3q6lz5pykrkr1fkr04k4rfn9pvnv9
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
45.9%