oss-sec mailing list archives

CVE-2022-46651: Apache Airflow: Security vulnerability on AirFlow Connections


From: Ephraim Anierobi <ephraimanierobi () apache org>
Date: Tue, 11 Jul 2023 15:19:18 +0000

Severity: low

Affected versions:

- Apache Airflow before 2.6.3

Description:

Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access
to sensitive information in the Connection edit view. This vulnerability is considered low severity because exploiting
it requires someone with access to Connection resources to specifically update the connection. Users should upgrade to
version 2.6.3 or later, which has removed the vulnerability.

References:

https://github.com/apache/airflow/pull/32309
https://airflow.apache.org/
https://www.cve.org/CVERecord?id=CVE-2022-46651

