CVE-2023-45348: Apache Airflow: Configuration information leakage vulnerability

CVE-2023-45348: Apache Airflow: Configuration information leakage vulnerability

Open Source Security 

Posted by Ephraim Anierobi on Oct 13

Severity: important

Affected versions:

– Apache Airflow 2.7.0 before 2.7.2

Description:

Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve
sensitive configuration information when the „expose_config“ option is set to „non-sensitive-only“. The `expose_config`
option is False by default.
It is recommended to upgrade to a version that is not affected….
 Read More 

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert