High severityNVD Advisory· Published Jul 12, 2023· Updated Oct 4, 2024
Apache Airflow: Security vulnerability on AirFlow Connections
CVE-2022-46651
Description
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
apache-airflowPyPI | < 2.6.3 | 2.6.3 |
Affected products
3- osv-coords2 versions
< 2.6.3+ 1 more
- (no CPE)range: < 2.6.3
- (no CPE)range: < 2.6.3
Patches
Vulnerability mechanics
References
6- github.com/apache/airflow/pull/32309ghsapatchWEB
- github.com/advisories/GHSA-xvw9-3mhm-xjqqghsaADVISORY
- lists.apache.org/thread/n45h3y82og125rnlgt6rbm9szfb6q24dghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2022-46651ghsaADVISORY
- github.com/apache/airflow/commit/d01248382fe45a5f5a7fdeed4082a80c5f814ad8ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-103.yamlghsaWEB
News mentions
0No linked articles in our index yet.