CVE-2023-45348

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Oct 14, 2023

Updated: Nov 16, 2023

CWE ID 200

Summary

CVE-2023-45348 is a vulnerability affecting Apache Airflow versions 2.7.0 and 2.7.1. An authenticated user can exploit this issue by accessing sensitive configuration information when the "expose_config" option is set to "non-sensitive-only." This option is usually False by default. To mitigate this risk, it is strongly recommended to upgrade to a newer version of Apache Airflow that is not vulnerable to this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Apache Airflow

Affected Vendors

Apache Software Foundation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/s70XT1
https://www.cve.org/CVERecord?id=CVE-2023-45348
https://nvd.nist.gov/vuln/detail/CVE-2023-45348

Back to Vulnerability Database