Vulnerability Monitor


CVE-2023-40712


Apache Airflow versions before 2.7.1 are affected by a vulnerability that allows authenticated users who have access to see the task/DAG in the UI to craft a URL that could unmask the secret configuration of the task, which would otherwise be masked in the UI. Users are strongly advised to upgrade to version 2.7.1 or later, which has removed the vulnerability.


Published

2023-09-12T12:15:08.373

Last Modified

2024-11-21T08:20:00.877

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses
  • Type: Primary
    CWE-200

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | apache | airflow | < 2.7.1 | Yes |
