CVE-2023-25695: Do not show version/node in UI traceback for unauthenticated user by potiuk · Pull Request #29501 · apache/airflow
Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2.
The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user.
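The redaction described above, sketched as a standard-library WSGI error handler. This is an added example, not code from the pull request or from Airflow; the `example.user` environ key, the function and class names, and the sample application are assumptions made for illustration.

```python
import io
import platform
import traceback

REDACTED = "redacted"
GENERIC = "Error! Please contact the server administrator."


def error_details(environ, expose_hostname=True, expose_stacktrace=True):
    """Fields for the error page; must be called while handling an exception."""
    # Assumption: an upstream auth layer sets "example.user" only for a valid session.
    trusted = bool(environ.get("example.user"))
    return {
        "python_version": platform.python_version() if trusted else REDACTED,
        "node": platform.node() if trusted and expose_hostname else REDACTED,
        "info": traceback.format_exc() if trusted and expose_stacktrace else GENERIC,
    }


class RedactingErrorMiddleware:
    """WSGI wrapper that renders unhandled exceptions as a 500 page."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        try:
            return self.app(environ, start_response)
        except Exception:
            # The full traceback always goes to the server-side log.
            environ["wsgi.errors"].write(traceback.format_exc())
            details = error_details(environ)
            body = "\n".join(f"{key}: {value}" for key, value in details.items())
            start_response("500 Internal Server Error",
                           [("Content-Type", "text/plain; charset=utf-8")])
            return [body.encode("utf-8")]


def failing_app(environ, start_response):
    # Constructed sample application that always raises.
    raise RuntimeError("constructed failure in /opt/example/dag.py")


def render(user=None):
    """Send one constructed request through the middleware; return (status, body)."""
    seen = {}
    environ = {"PATH_INFO": "/", "wsgi.errors": io.StringIO(), "example.user": user}
    chunks = RedactingErrorMiddleware(failing_app)(
        environ, lambda status, headers, exc_info=None: seen.update(status=status))
    return seen["status"], b"".join(chunks).decode("utf-8")
```

`render()` returns the redacted page for an anonymous request, while `render(user="alice")` returns the version, node name and traceback; in both cases the traceback is written to `wsgi.errors` for operators.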
potiuk deleted the redact-version-node-information-for-non-authenticated-users branch
February 13, 2023 09:24
ephraimbuddy pushed a commit that referenced this pull request
Mar 7, 2023
…9501)
The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user.
(cherry picked from commit cf81455)
pierrejeambrun pushed a commit that referenced this pull request
Mar 7, 2023
…9501)
The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user.
(cherry picked from commit cf81455)
pierrejeambrun pushed a commit that referenced this pull request
Mar 8, 2023
…9501)
The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user.
(cherry picked from commit cf81455)
sirVir pushed a commit to sirVir/airflow that referenced this pull request
Mar 14, 2023
…ache#29501)
The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user.