CVE-2023-35005

Опубликовано: 19 июн. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations.

This vulnerability is mitigated by the fact configuration is not shown in the UI by default (only if [webserver] expose_config is set to non-sensitive-only), and not all uncensored values are actually sentitive.

This issue affects Apache Airflow: from 2.5.0 before 2.6.2. Users are recommended to update to version 2.6.2 or later.

Ссылки

https://github.com/apache/airflow/pull/31788
Patch
https://github.com/apache/airflow/pull/31820
Issue Tracking
https://lists.apache.org/thread/o4f2cxh0054m9tlxpb81c1yhylor5gjd
Mailing List
Vendor Advisory
https://github.com/apache/airflow/pull/31788
Patch
https://github.com/apache/airflow/pull/31820
Issue Tracking
https://lists.apache.org/thread/o4f2cxh0054m9tlxpb81c1yhylor5gjd
Mailing List
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*

Версия от 2.5.0 (включая) до 2.6.2 (исключая)

EPSS

Процентиль: 40%

0.00187

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo

Связанные уязвимости

CVE-2023-35005

CVSS3: 6.5

debian

больше 2 лет назад

In Apache Airflow, some potentially sensitive values were being shown ...

GHSA-mjff-wv85-hmcj

CVSS3: 6.5

github

больше 2 лет назад

Apache Airflow vulnerable to exposure of sensitive information

EPSS

Процентиль: 40%

0.00187

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-200

NVD-CWE-noinfo