apache-airflow is vulnerable to Information Exposure. The vulnerability is due a flaw in the “configuration” UI page when “non-sensitive-only” was set as webserver.expose_config
configuration. An attacker can exploit this vulnerability by sending a specially crafted request to see sensitive provider configuration and use this information to launch further attacks against the system.
CPE | Name | Operator | Version |
---|---|---|---|
apache-airflow | le | 2.8.4 | |
apache-airflow | le | 2.8.4 |