CVE-2022-46651: Apache Airflow information disclosure vulnerability
(updated )
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability.
References
- github.com/advisories/GHSA-xvw9-3mhm-xjqq
- github.com/apache/airflow
- github.com/apache/airflow/commit/d01248382fe45a5f5a7fdeed4082a80c5f814ad8
- github.com/apache/airflow/pull/32309
- github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-103.yaml
- lists.apache.org/thread/n45h3y82og125rnlgt6rbm9szfb6q24d
- nvd.nist.gov/vuln/detail/CVE-2022-46651
Detect and mitigate CVE-2022-46651 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →