Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-35005

UNKNOWN
Published 2023-06-19T08:15:18.029Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-35005. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations.

This vulnerability is mitigated by the fact configuration is not shown in the UI by default (only if `[webserver] expose_config` is set to `non-sensitive-only`), and not all uncensored values are actually sentitive.

This issue affects Apache Airflow: from 2.5.0 before 2.6.2. Users are recommended to update to version 2.6.2 or later.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Apache Software Foundation

Apache Airflow

Affected Versions:

2.5.0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

Apache Airflow vulnerable to exposure of sensitive information

GHSA-mjff-wv85-hmcj

Advisory Details

In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations. This vulnerability is mitigated by the fact configuration is not shown in the UI by default (only if `[webserver] expose_config` is set to `non-sensitive-only`), and not all uncensored values are actually sentitive. This issue affects Apache Airflow: from 2.5.0 before 2.6.2. Users are recommended to update to version 2.6.2 or later.

Affected Packages

PyPI apache-airflow
ECOSYSTEM: ≥2.5.0 <2.6.2rc1

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-35005
WEB https://github.com/apache/airflow/pull/31788
WEB https://github.com/apache/airflow/pull/31820
WEB https://github.com/apache/airflow/commit/5679a01919ac9d5153e858f8b1390cbc7915f148
WEB https://github.com/apache/airflow/commit/f6cda8fb63250fc4700658999739c1c3c5f6625c
PACKAGE https://github.com/apache/airflow
WEB https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-89.yaml
WEB https://lists.apache.org/thread/o4f2cxh0054m9tlxpb81c1yhylor5gjd

Advisory provided by GitHub Security Advisory Database. Published: June 19, 2023, Modified: November 18, 2024

References

https://github.com/apache/airflow/pull/31788
https://github.com/apache/airflow/pull/31820
https://lists.apache.org/thread/o4f2cxh0054m9tlxpb81c1yhylor5gjd
Published: 2023-06-19T08:15:18.029Z
Last Modified: 2024-10-09T14:11:44.152Z
Copied to clipboard!