CVE-2022-27949

EPSS 0.33%
Veröffentlicht 14.11.2022 10:15:10
Zuletzt bearbeitet 30.04.2025 20:15:16
Quelle security@apache.org
Teams Watchlist Login
Unerledigt Login

A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Airflow Version < 2.3.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.33%	0.554

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.openwall.com/lists/oss-security/2022/11/14/3

Third Party Advisory

Mailing List

https://github.com/apache/airflow/pull/22754

Patch

Third Party Advisory

https://lists.apache.org/thread/n38oc5obb48600fsvnbopxcs0jpbp65p

Vendor Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2022-27949

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-27949

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-27949

EUVD