Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-h6g5-wqqr-3mw3: Sensitive Information in Error Messages in Apache Airflow

Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if traceback is shown to unauthenticated user.

ghsa
Open in Source
#vulnerability#apache#git#auth
  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2023-25695

Sensitive Information in Error Messages in Apache Airflow

Low severity GitHub Reviewed Published Mar 15, 2023 to the GitHub Advisory Database • Updated Mar 16, 2023

Package

pip apache-airflow (pip)

Affected versions

< 2.5.2

Published by the National Vulnerability Database

Mar 15, 2023

Published to the GitHub Advisory Database

Mar 15, 2023

Last updated

Mar 16, 2023

Related news

CVE-2023-25695: Do not show version/node in UI traceback for unauthenticated user by potiuk · Pull Request #29501 · apache/airflow

Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2.

ghsa: Latest News

GHSA-mj5r-x73q-fjw6: SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails
ghsa