CVE-2022-27949

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 2.3.1

Description A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks that were not executed, such as when tasks were depending on past instances and previous instances of the task failed.

Recommendations For versions prior to 2.3.1, update to version 2.3.1 or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BIT-AIRFLOW-2022-27949

CVE-2022-27949

GHSA-FVW2-2PF7-77VW

PYSEC-2022-42981

Affected Products

Apache Airflow

CVE-2022-27949

Weakness Enumeration

Related Identifiers

Affected Products

References · 15