Lucene search
ApacheVULNRICHMENT:CVE-2023-45348HistoryOct 14, 2023 - 9:46 a.m.
CVE-2023-45348 Apache Airflow: Configuration information leakage vulnerability
2023-10-1409:46:44
CWE-200
apache
github.com
1
apache airflow
vulnerability
configuration info
leakage
versions 2.7.0
2.7.1
authenticated user
sensitive configuration
expose_config
non-sensitive-only
upgrade
Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the “expose_config” option is set to “non-sensitive-only”. The expose_config option is False by default.
It is recommended to upgrade to a version that is not affected.
Related
github
github
cnvd
cnvd
Apache Airflow Information Disclosure Vulnerability (CNVD-2023-85611)
2023-10-17 00:00:00
osv
osv
BIT-2023-45348
2023-10-19 06:17:15
BIT-airflow-2023-45348
2024-03-06 10:52:21
PYSEC-2023-204
2023-10-14 10:15:00
cve
cve
CVE-2023-45348
2023-10-14 10:15:10
CVE-2023-46288
2023-10-23 19:15:11
prion
prion
Design/Logic Flaw
2023-10-14 10:15:00
Default configuration
2023-10-23 19:15:00
cvelist
cvelist
veracode
veracode
Information Disclosure
2023-10-18 05:20:50
nvd
nvd
CVE-2023-45348
2023-10-14 10:15:10
CVE-2023-46288
2023-10-23 19:15:11
vulnrichment
vulnrichment
AI Score
6.1
Confidence
Low
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2023-45348