Apache

Apache-airflow-providers-cncf-kubernetes

3 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Medienbericht
  • EPSS 0.16%
  • Veröffentlicht 19.05.2026 19:19:00
  • Zuletzt bearbeitet 02.07.2026 16:37:59

JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberentes Pods. This could allow users with just read-only access to perform actions that were only available to running tasks via Ta...

  • EPSS 0.38%
  • Veröffentlicht 24.01.2024 13:15:08
  • Zuletzt bearbeitet 02.07.2026 17:01:47

Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without...

  • EPSS 1.53%
  • Veröffentlicht 30.05.2023 11:15:09
  • Zuletzt bearbeitet 02.07.2026 17:01:47

Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. In order to exploit this weakness, a user would already need elevated permissions (Op or...