Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-fpxx-xv4c-gxqp: Apache Airflow vulnerable to sensitive information exposure when expose-config is set to non-sensitive-only

Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the expose_config option is set to non-sensitive-only. The expose_config option is False by default. It is recommended to upgrade to a version that is not affected.

ghsa
Open in Source
#vulnerability#apache#git#auth

Apache Airflow vulnerable to sensitive information exposure when expose-config is set to non-sensitive-only

Moderate severity GitHub Reviewed Published Oct 14, 2023 to the GitHub Advisory Database • Updated Oct 17, 2023

Related news

CVE-2023-45348

Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "expose_config" option is set to "non-sensitive-only". The `expose_config` option is False by default. It is recommended to upgrade to a version that is not affected.

ghsa: Latest News

GHSA-qg5g-gv98-5ffh: rustls network-reachable panic in `Acceptor::accept`
ghsa