VYPR
Moderate severityNVD Advisory· Published Oct 14, 2023· Updated Feb 13, 2025

Apache Airflow: Configuration information leakage vulnerability

CVE-2023-45348

Description

Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "expose_config" option is set to "non-sensitive-only". The expose_config option is False by default. It is recommended to upgrade to a version that is not affected.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
apache-airflowPyPI
>= 2.7.0, < 2.7.22.7.2

Affected products

3

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.