Page 6 of 74 results (0.012 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations. This vulnerability is mitigated by the fact configuration is not shown in the UI by default (only if `[webserver] expose_config` is set to `non-sensitive-only`), and not all uncensored values are actually sentitive. This issue affects Apache Airflow: from 2.5.0 before 2.6.2. Users are recommended to update to version 2.6.2 or later. • https://github.com/apache/airflow/pull/31788 https://github.com/apache/airflow/pull/31820 https://lists.apache.org/thread/o4f2cxh0054m9tlxpb81c1yhylor5gjd • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0. • http://www.openwall.com/lists/oss-security/2023/05/08/2 https://github.com/apache/airflow/pull/29506 https://lists.apache.org/thread/3y83gr0qb8t49ppfk4fb2yk7md8ltq4v • CWE-270: Privilege Context Switching Error •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0. • https://github.com/apache/airflow/pull/30447 https://github.com/apache/airflow/pull/30779 https://lists.apache.org/thread/kqf5lxmko133780clsp827xfsh4xd3fl • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2. • https://github.com/apache/airflow/pull/29501 https://lists.apache.org/thread/z8w6ckzs61ql365tv4d19k82o67r15p2 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando ("Inyección de comando") en Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. Este problema afecta a Apache Airflow: antes de 2.5.1; Apache Airflow MySQL Provider: anterior a 4.0.0. • https://github.com/jakabakos/CVE-2023-22884-Airflow-SQLi https://github.com/apache/airflow/pull/28811 https://lists.apache.org/thread/0l0j3nt0t7fzrcjl2ch0jgj6c58kxs5h • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •