Security
Headlines

Headlines Latest CVEs

Headline

GHSA-xvw9-3mhm-xjqq: Apache Airflow information disclosure vulnerability

Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability.

1 year ago

#vulnerability #apache #git #auth

Apache Airflow information disclosure vulnerability

Moderate severity GitHub Reviewed Published Jul 12, 2023 to the GitHub Advisory Database • Updated Jul 12, 2023

Related news

CVE-2022-46651: Hide sensitive values from extra in connection edit form by potiuk · Pull Request #32309 · apache/airflow

Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability.

1 year ago

#vulnerability #apache #auth

ghsa: Latest News

GHSA-27wf-5967-98gx: Kubernetes kubelet arbitrary command execution

22 hours ago

GHSA-mr95-vfcf-fx9p: Apache Answer: Predictable Authorization Token Using UUIDv1

22 hours ago

GHSA-pqhp-25j4-6hq9: smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables

22 hours ago

GHSA-v5h2-q2w4-gpcx: Sentry improper error handling leaks Application Integration Client Secret

23 hours ago

GHSA-8w49-h785-mj3c: Tornado has an HTTP cookie parsing DoS vulnerability

23 hours ago