CNNVD-202512-2705 Information
CNNVD ID
CNNVD-202512-2705
Related CVE
- CNNVD Published: 2025-12-15
Description (Chinese)
Apache Airflow是美国阿帕奇(Apache)基金会的一套具有创建、管理和监控工作流程功能的开源平台。该平台具有可扩展和动态监控等特点。 Apache Airflow存在安全漏洞,该漏洞源于经过身份验证的UI用户可以查看渲染模板中的秘密值,可能导致秘密泄露。
Description (English)
Apache Airflow is an open-source platform for the Apache Foundation in the United States with the function of creating, managing and monitoring workflows. The platform has such characteristics as scalable and dynamic monitoring. There is a security loophole in Apache Airflow, which stems from the fact that an identified UI user can view the secret value in the rendering template, which may lead to a leak.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
阿帕奇
Published
2025-12-15
Last Modified
2026-02-24
References
https://github.com/apache/airflow/pull/58772 https://lists.apache.org/thread/mv9hzsx8grjf7gdlkxwppnpbtogtls2g http://www.openwall.com/lists/oss-security/2025/12/12/1