Home > Vulnerability Database > CVE-2023-35005

Mend.io Vulnerability Database

CVE-2023-35005

Good to know:

Date: June 19, 2023

In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations. This vulnerability is mitigated by the fact configuration is not shown in the UI by default (only if `[webserver] expose_config` is set to `non-sensitive-only`), and not all uncensored values are actually sentitive. This issue affects Apache Airflow: from 2.5.0 before 2.6.2. Users are recommended to update to version 2.6.2 or later.

Language: Python

Severity Score

7.5

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-35005

Url: https://github.com/apache/airflow/commit/cab342ee010bfd048006ca458c760b37470b6ea5

Url: https://seclists.org/oss-sec/2023/q2/236

Url: https://lists.apache.org/thread/o4f2cxh0054m9tlxpb81c1yhylor5gjd

Url: https://github.com/apache/airflow/pull/31820

Url: https://github.com/apache/airflow/pull/31788

Url: https://www.mend.io/vulnerability-database/CVE-2023-35005

Severity Score

7.5

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version apache-airflow - 2.6.2

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-35005

Good to know:

Date: June 19, 2023

Language: Python

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?