PyPI package
apache-airflow-providers-cncf-kubernetes
pkg:pypi/apache-airflow-providers-cncf-kubernetes
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-51702 | — | >= 5.2.0, < 7.0.0 | 7.0.0 | Jan 24, 2024 | Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, | ||
| CVE-2023-33234 | — | >= 5.0.0, < 7.0.0 | 7.0.0 | May 30, 2023 | Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. In order to exploit this weakness, a user would already need elevated permissions (Op or Admin) to change the connecti |
- CVE-2023-51702Jan 24, 2024affected >= 5.2.0, < 7.0.0fixed 7.0.0
Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally,
- CVE-2023-33234May 30, 2023affected >= 5.0.0, < 7.0.0fixed 7.0.0
Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. In order to exploit this weakness, a user would already need elevated permissions (Op or Admin) to change the connecti