CVE-2022-27949

Sažetak

A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1.

Reference

http://www.openwall.com/lists/oss-security/2022/11/14/3
https://github.com/apache/airflow/pull/22754
https://lists.apache.org/thread/n38oc5obb48600fsvnbopxcs0jpbp65p
http://www.openwall.com/lists/oss-security/2022/11/14/3
https://github.com/apache/airflow/pull/22754
https://lists.apache.org/thread/n38oc5obb48600fsvnbopxcs0jpbp65p

CVSS

Base:	7.5
Impact:	3.6
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

30-04-2025 - 20:15

Objavljeno

14-11-2022 - 10:15