Security Advisory

CVE-2023-45348

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-10-14 09:46:44

Last updated 2025-02-13 17:14:03

Assigner apache

State PUBLISHED

Description

Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "expose_config" option is set to "non-sensitive-only". The `expose_config` option is False by default. It is recommended to upgrade to a version that is not affected.

← Browse all CVEs View on cve.org ↗