CVE-2023-46288: Apache Airflow: Sensitive parameters exposed in API when „non-sensitive-only“ configuration is set

CVE-2023-46288: Apache Airflow: Sensitive parameters exposed in API when „non-sensitive-only“ configuration is set

Open Source Security 

Posted by Jarek Potiuk on Oct 23

Severity: low

Affected versions:

– Apache Airflow 2.4.0 before 2.7.0

Description:

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache
Airflow from 2.4.0 to 2.7.0.

Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via
Airflow REST API for configuration even when the expose_config option is set to…
 Read More 

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert