Skip to main content

Apache Airflow Providers Cncf Kubernetes

2 CVEs product

Monthly

CVE-2023-51702 PyPI MEDIUM PATCH This Month

Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Kubernetes Airflow Apache Airflow Providers Cncf Kubernetes
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-33234 PyPI HIGH PATCH This Week

Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Apache Kubernetes Apache Airflow Providers Cncf Kubernetes
NVD VulDB
CVSS 3.1
7.2
EPSS
1.5%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Kubernetes Airflow +1
NVD GitHub VulDB
EPSS 2% CVSS 7.2
HIGH PATCH This Week

Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Apache Kubernetes +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy