oss-sec mailing list archives
CVE-2023-45348: Apache Airflow: Configuration information leakage vulnerability
From: Ephraim Anierobi <ephraimanierobi () apache org>
Date: Fri, 13 Oct 2023 15:14:01 +0000
Severity: important Affected versions: - Apache Airflow 2.7.0 before 2.7.2 Description: Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "expose_config" option is set to "non-sensitive-only". The `expose_config` option is False by default. It is recommended to upgrade to a version that is not affected. Credit: L3yx of Syclover Security Team (finder) Hussein Awala (remediation developer) References: https://airflow.apache.org/ https://www.cve.org/CVERecord?id=CVE-2023-45348
Current thread:
- CVE-2023-45348: Apache Airflow: Configuration information leakage vulnerability Ephraim Anierobi (Oct 13)