PT-2023-8625 · Apache · Apache Airflow
Klexadoc · Published 2023-09-12 · Updated 2026-02-20 · CVE-2023-40712
CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
Apache Airflow versions prior to 2.7.1
Description
The issue allows authenticated users who can see a task or DAG in the UI to craft a URL that could unmask the task's secret configuration, which the UI would otherwise mask. This is a disclosure of protected information.
Recommendations
For Apache Airflow versions prior to 2.7.1, upgrade to version 2.7.1 or later, in which the vulnerability has been removed.
Fix
Information Disclosure
Affected Products
Apache Airflow