漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Apache Airflow: Secrets can be unmasked in the "Rendered Template"
Vulnerability Description
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. Users are strongly advised to upgrade to version 2.7.1 or later which has removed the vulnerability.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
Apache Airflow 信息泄露漏洞
Vulnerability Description
Apache Airflow是美国阿帕奇(Apache)基金会的一套用于创建、管理和监控工作流程的开源平台。该平台具有可扩展和动态监控等特点。 Apache Airflow 2.7.1 之前版本存在信息泄露漏洞,该漏洞源于允许有权查看 UI 中的task/dag 的用户创建 URL,这可能会导致任务的配置被揭露。
CVSS Information
N/A
Vulnerability Type
N/A