Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-32wr-qqw6-5mfp: Apache Airflow vulnerable to sensitive information exposure

Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user with access to read specific DAGs only to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.

ghsa
Open in Source
#vulnerability#apache#git#auth

Apache Airflow vulnerable to sensitive information exposure

Moderate severity GitHub Reviewed Published Oct 14, 2023 to the GitHub Advisory Database • Updated Oct 17, 2023

Related news

CVE-2023-42663: REST API: Fix task instance access issue in the batch endpoint by ephraimbuddy · Pull Request #34315 · apache/airflow

Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.

ghsa: Latest News

GHSA-qg5g-gv98-5ffh: rustls network-reachable panic in `Acceptor::accept`
ghsa