漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Apache Airflow: Secrets in rendered templates could contain parts of sensitive values when truncated
Vulnerability Description
In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed [core] max_templated_field_length, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include user-registered mask_secret() patterns, so secrets were not reliably masked before truncation and display. Users are recommended to upgrade to 3.1.6 or later, which fixes this issue
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
Apache Airflow 安全漏洞
Vulnerability Description
Apache Airflow是美国阿帕奇(Apache)基金会的一套具有创建、管理和监控工作流程功能的开源平台。该平台具有可扩展和动态监控等特点。 Apache Airflow 3.1.6之前版本存在安全漏洞,该漏洞源于渲染模板字段时未包含用户注册的mask_secret模式,可能导致敏感值在Rendered Templates UI中以明文形式暴露。
CVSS Information
N/A
Vulnerability Type
N/A