CVE-2023-45348
on github
Published
Severity
CVSS v3:
4.3 MEDIUM
CVSS v2:
N/A
Description
Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "expose_config" option is set to "non-sensitive-only". The `expose_config` option is False by default.
It is recommended to upgrade to a version that is not affected.
References
Configurations
CPE23 | Version Start | Version End | Exact Version |
---|---|---|---|
cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:* | 2.7.0 (including) | 2.7.2 | * |