Severity: important Affected versions:
- Apache Airflow 2.7.0 before 2.7.2 Description: Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "expose_config" option is set to "non-sensitive-only". The `expose_config` option is False by default. It is recommended to upgrade to a version that is not affected. Credit: L3yx of Syclover Security Team (finder) Hussein Awala (remediation developer) References: https://airflow.apache.org/ https://www.cve.org/CVERecord?id=CVE-2023-45348
