CVE-2023-25956 - OpenCVE

Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider. This issue affects Apache Airflow AWS Provider versions before 7.2.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Apache-airflow-providers-amazon

Configuration 1 [-]

cpe:2.3:a:apache:apache-airflow-providers-amazon:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/apache/airflow/pull/29587
https://lists.apache.org/thread/07pl9y4gdpw2c6rzqm77dvkm2z2kb5gv

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-02-24T11:48:33.110Z

Updated: 2024-08-02T11:39:06.134Z

Reserved: 2023-02-17T10:12:03.880Z

Link: CVE-2023-25956

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-24T12:15:30.867

Modified: 2023-11-07T04:09:16.070

Link: CVE-2023-25956

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-25956", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-02-17T10:12:03.880Z", "datePublished": "2023-02-24T11:48:33.110Z", "dateUpdated": "2024-08-02T11:39:06.134Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Airflow AWS Provider", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "7.2.1", "status": "affected", "version": "0", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Using the \"AWS\" Provider for Apache Airflow<br>"}], "value": "Using the \"AWS\" Provider for Apache Airflow\n"}], "credits": [{"lang": "en", "type": "finder", "value": "Son Tran from VNPT - VCI"}, {"lang": "en", "type": "finder", "value": "kuteminh11"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider.<br><br><p>This issue affects Apache Airflow AWS Provider versions before 7.2.1.</p>"}], "value": "Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider.\n\nThis issue affects Apache Airflow AWS Provider versions before 7.2.1.\n\n"}], "metrics": [{"other": {"content": {"text": "moderate"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-03-07T08:23:44.307Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/apache/airflow/pull/29587"}, {"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/07pl9y4gdpw2c6rzqm77dvkm2z2kb5gv"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache Airflow AWS Provider: Arbitrary file read via AWS provider", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:39:06.134Z"}, "title": "CVE Program Container", "references": [{"tags": ["patch", "x_transferred"], "url": "https://github.com/apache/airflow/pull/29587"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/07pl9y4gdpw2c6rzqm77dvkm2z2kb5gv"}]}]}}