QwikSec

Security Database

CVE

CWE

Training

CVE-2023-40712

Published: Sep 12, 2023

Modified: Sep 25, 2024

PUBLISHED

Description

Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. Users are strongly advised to upgrade to version 2.7.1 or later which has removed the vulnerability.

Vendor	Product	Versions
Apache Software Foundation	Apache Airflow	affected `0 - < 2.7.1`

Weaknesses (CWE)

References

https://github.com/apache/airflow/pull/33512

patch

https://github.com/apache/airflow/pull/33516

patch

https://lists.apache.org/thread/jw1yv4lt6hpowqbb0x4o3tdp0jhx2bts

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.