Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability.
Metrics
Affected Vendors & Products
References
History
Fri, 04 Oct 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2023-07-12T09:17:06.966Z
Updated: 2024-10-04T13:45:35.520Z
Reserved: 2022-12-05T22:41:44.530Z
Link: CVE-2022-46651
Vulnrichment
Updated: 2024-08-03T14:39:39.124Z
NVD
Status : Modified
Published: 2023-07-12T10:15:09.623
Modified: 2024-11-21T07:30:51.570
Link: CVE-2022-46651
Redhat
No data.