GHSA-h6g5-wqqr-3mw3

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-h6g5-wqqr-3mw3/GHSA-h6g5-wqqr-3mw3.json
Aliases
  • CVE-2023-25695
Published
2023-03-15T12:30:19Z
Modified
2023-03-17T21:51:48.003549Z
Details

Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if traceback is shown to unauthenticated user.

References

Affected packages

PyPI / apache-airflow

apache-airflow

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Fixed
2.5.2

Affected versions

1.*

1.10.0
1.10.1
1.10.10
1.10.10rc1
1.10.10rc2
1.10.10rc3
1.10.10rc4
1.10.10rc5
1.10.11
1.10.11rc1
1.10.11rc2
1.10.12
1.10.12rc1
1.10.12rc2
1.10.12rc3
1.10.12rc4
1.10.13
1.10.13rc1
1.10.14
1.10.14rc1
1.10.14rc2
1.10.14rc3
1.10.14rc4
1.10.15
1.10.15rc1
1.10.1b1
1.10.1rc2
1.10.2
1.10.2b2
1.10.2rc1
1.10.2rc2
1.10.2rc3
1.10.3
1.10.3b1
1.10.3b2
1.10.3rc1
1.10.3rc2
1.10.4
1.10.4b2
1.10.4rc1
1.10.4rc2
1.10.4rc3
1.10.4rc4
1.10.4rc5
1.10.5
1.10.5rc1
1.10.6
1.10.6rc1
1.10.6rc2
1.10.7
1.10.7rc1
1.10.7rc2
1.10.7rc3
1.10.8
1.10.8rc1
1.10.9
1.10.9rc1
1.8.1
1.8.2
1.8.2rc1
1.9.0

2.*

2.0.0
2.0.0b1
2.0.0b2
2.0.0b3
2.0.0rc1
2.0.0rc2
2.0.0rc3
2.0.1
2.0.1rc1
2.0.1rc2
2.0.2
2.0.2rc1
2.1.0
2.1.0rc1
2.1.0rc2
2.1.1
2.1.1rc1
2.1.2
2.1.2rc1
2.1.3
2.1.3rc1
2.1.4
2.1.4rc1
2.1.4rc2
2.2.0
2.2.0b1
2.2.0b2
2.2.0rc1
2.2.1
2.2.1rc1
2.2.1rc2
2.2.2
2.2.2rc1
2.2.2rc2
2.2.3
2.2.3rc1
2.2.3rc2
2.2.4
2.2.4rc1
2.2.5
2.2.5rc1
2.2.5rc2
2.2.5rc3
2.3.0
2.3.0b1
2.3.0rc1
2.3.0rc2
2.3.1
2.3.1rc1
2.3.2
2.3.2rc1
2.3.2rc2
2.3.3
2.3.3rc1
2.3.3rc2
2.3.3rc3
2.3.4
2.3.4rc1
2.4.0
2.4.0b1
2.4.0rc1
2.4.1
2.4.1rc1
2.4.2
2.4.2rc1
2.4.3
2.4.3rc1
2.5.0
2.5.0rc1
2.5.0rc2
2.5.0rc3
2.5.1
2.5.1rc1
2.5.1rc2
2.5.2rc1
2.5.2rc2