漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Apache Airflow: Configuration information leakage vulnerability
Vulnerability Description
Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "expose_config" option is set to "non-sensitive-only". The `expose_config` option is False by default. It is recommended to upgrade to a version that is not affected.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
Apache Airflow 信息泄露漏洞
Vulnerability Description
Apache Airflow是美国阿帕奇(Apache)基金会的一套用于创建、管理和监控工作流程的开源平台。该平台具有可扩展和动态监控等特点。 Apache Airflow 2.7.0 版本和 2.7.1 版本存在信息泄露漏洞,该漏洞源于当“expose_config”选项设置为“non-sensitive-only”时,该漏洞允许经过身份验证的用户检索敏感配置信息。
CVSS Information
N/A
Vulnerability Type
N/A