CVE-2022-46651

CWE-200Information Exposure5 documents4 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 63.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache AirflowApache Airflow
Timeline
PublishedJul 12

Description

Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

NVDapache/airflow< 2.6.3
PyPIapache-airflow< 2.6.3

Patches

Patch: github.comPatch: lists.apache.orgPatch: github.com

🔴Vulnerability Details

4
OSV
Apache Airflow information disclosure vulnerability2023-07-12
CVEList
Apache Airflow: Security vulnerability on AirFlow Connections2023-07-12
GHSA
Apache Airflow information disclosure vulnerability2023-07-12
OSV
CVE-2022-46651: Apache Airflow, versions before 22023-07-12
CVE-2022-46651 (MEDIUM CVSS 6.5) | Apache Airflow | cvebase.io