Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if traceback is shown to unauthenticated user.

Affected Packages

PyPI apache-airflow

Affected versions: 0 (fixed in 2.5.2rc1)

Related CVEs

CVE-2023-25695

Key Information

GHSA ID

GHSA-h6g5-wqqr-3mw3

Published

March 15, 2023 12:30 PM

Last Modified

February 13, 2025 4:50 PM

CVSS Score

5.0 /10

Primary Ecosystem

PyPI

Primary Package

apache-airflow

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 16, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.