Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-51702

UNKNOWN
Published 2024-01-24T12:56:17.869Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-51702. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an Airflow version between 2.3.0 and 2.6.0, the configuration dictionary will be logged as plain text in the triggerer service without masking. This allows anyone with access to the metadata or triggerer log to obtain the configuration file and use it to access the Kubernetes cluster.

This behavior was changed in version 7.0.0, which stopped serializing the file contents and started providing the file path instead to read the contents into the trigger. Users are recommended to upgrade to version 7.0.0, which fixes this issue.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Apache Software Foundation

Apache Airflow CNCF Kubernetes provider

Affected Versions:

5.2.0
Apache Software Foundation

Apache Airflow

Affected Versions:

2.3.0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service

GHSA-mg2x-mggj-6955

Advisory Details

Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an Airflow version between 2.3.0 and 2.6.0, the configuration dictionary will be logged as plain text in the triggerer service without masking. This allows anyone with access to the metadata or triggerer log to obtain the configuration file and use it to access the Kubernetes cluster. This behavior was changed in version 7.0.0, which stopped serializing the file contents and started providing the file path instead to read the contents into the trigger. Users are recommended to upgrade to version 7.0.0, which fixes this issue.

Affected Packages

PyPI apache-airflow
ECOSYSTEM: ≥2.3.0 <2.6.1
PyPI apache-airflow-providers-cncf-kubernetes
ECOSYSTEM: ≥5.2.0 <7.0.0

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-51702
WEB https://github.com/apache/airflow/pull/29498
WEB https://github.com/apache/airflow/pull/30110
WEB https://github.com/apache/airflow/pull/36492
PACKAGE https://github.com/apache/airflow
WEB https://lists.apache.org/thread/89x3q6lz5pykrkr1fkr04k4rfn9pvnv9
WEB http://www.openwall.com/lists/oss-security/2024/01/24/3

Advisory provided by GitHub Security Advisory Database. Published: January 24, 2024, Modified: January 31, 2024

References

https://github.com/apache/airflow/pull/29498
https://github.com/apache/airflow/pull/30110
https://github.com/apache/airflow/pull/36492
https://lists.apache.org/thread/89x3q6lz5pykrkr1fkr04k4rfn9pvnv9
http://www.openwall.com/lists/oss-security/2024/01/24/3
Published: 2024-01-24T12:56:17.869Z
Last Modified: 2025-02-13T17:19:48.602Z
Copied to clipboard!