Security
Headlines

Headlines Latest CVEs

Headline

GHSA-mjqh-v5f2-g2mw: Apache Airflow information exposure vulnerability

Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI.

Users are strongly advised to upgrade to version 2.7.1 or later which has removed the vulnerability.

1 year ago

#vulnerability #apache #git #auth

Apache Airflow information exposure vulnerability

Moderate severity GitHub Reviewed Published Sep 12, 2023 to the GitHub Advisory Database • Updated Sep 12, 2023

Related news

CVE-2023-40712: Stop adding values to rendered templates UI when there is no dagrun by hussein-awala · Pull Request #33516 · apache/airflow

Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. Users are strongly advised to upgrade to version 2.7.1 or later which has removed the vulnerability.

1 year ago

#vulnerability #apache #auth

ghsa: Latest News

GHSA-486g-47cc-8wxf: aiocpa contains credential harvesting code

5 hours ago

GHSA-93ww-43rr-79v3: Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination

8 hours ago

GHSA-jgwc-jh89-rpgq: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability

8 hours ago

GHSA-xg58-75qf-9r67: Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges

8 hours ago

GHSA-qqwr-j9mm-fhw6: deno_doc's HTML generator vulnerable to Cross-site Scripting

8 hours ago