PT-2023-25091 · Apache · Apache Airflow

Piotr Chomiak · Published 2023-06-19 · Updated 2024-03-06 · CVE-2023-35005

CVSS v4.0: 7.1 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Apache Airflow versions 2.5.0 through 2.6.1

Description

Apache Airflow can expose sensitive values to users under certain conditions. The default configuration mitigates this: sensitive information is not shown in the UI unless [webserver] expose_config is set to non-sensitive-only. Not all uncensored values are actually sensitive.

Recommendations

For Apache Airflow versions 2.5.0 through 2.6.1, update to version 2.6.2 or later to resolve the issue.
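
The check below is an added example, not code from the advisory or from the Apache Airflow project. It tests a deployment against the two conditions stated above: a version in the affected range and [webserver] expose_config set to non-sensitive-only. The function names, result labels and sample configurations are constructed for illustration; the environment variable is Airflow's standard override for that option.

```python
import configparser
import re

AFFECTED_MIN, AFFECTED_MAX = (2, 5, 0), (2, 6, 1)  # range stated in the advisory
ENV_KEY = "AIRFLOW__WEBSERVER__EXPOSE_CONFIG"      # env override of the cfg option


def parse_version(text):
    """Return (major, minor, patch) from a version string such as '2.6.1'."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())


def effective_expose_config(cfg_text, env):
    """Resolve [webserver] expose_config; the environment wins over airflow.cfg."""
    if ENV_KEY in env:
        return env[ENV_KEY].strip().lower()
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)
    # Airflow's default is False, so a missing section or key falls back to it.
    return parser.get("webserver", "expose_config", fallback="false").strip().lower()


def assess(version, cfg_text, env=None):
    """Return 'exposed', 'upgrade' or 'ok' (labels are this example's own)."""
    affected = AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX
    triggering = effective_expose_config(cfg_text, env or {}) == "non-sensitive-only"
    if affected and triggering:
        return "exposed"   # affected version with the triggering setting
    if affected:
        return "upgrade"   # affected version, mitigated by configuration only
    return "ok"            # outside the affected range


# Constructed sample configurations (not taken from any real deployment).
SAMPLE_RISKY = "[webserver]\nexpose_config = non-sensitive-only\n"
SAMPLE_DEFAULT = "[core]\nexecutor = LocalExecutor\n"

if __name__ == "__main__":
    cases = [("2.6.1", SAMPLE_RISKY, {}), ("2.5.0", SAMPLE_DEFAULT, {}),
             ("2.6.2", SAMPLE_RISKY, {}),
             ("2.5.3", SAMPLE_DEFAULT, {ENV_KEY: "non-sensitive-only"})]
    for version, cfg, env in cases:
        print(version, assess(version, cfg, env))
```

A result of "upgrade" still calls for moving to 2.6.2 or later, since the mitigation there depends on the setting staying unchanged.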

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

BIT-AIRFLOW-2023-35005
CVE-2023-35005
GHSA-MJFF-WV85-HMCJ
PYSEC-2023-89

Affected Products

Apache Airflow