Vulnerability Description
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Airflow | < 2.6.3 |
Related Weaknesses (CWE)
References
- https://github.com/apache/airflow/pull/32309Patch
- https://lists.apache.org/thread/n45h3y82og125rnlgt6rbm9szfb6q24dMailing ListPatchVendor Advisory
- https://github.com/apache/airflow/pull/32309Patch
- https://lists.apache.org/thread/n45h3y82og125rnlgt6rbm9szfb6q24dMailing ListPatchVendor Advisory
FAQ
What is CVE-2022-46651?
CVE-2022-46651 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considere...
How severe is CVE-2022-46651?
CVE-2022-46651 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-46651?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Airflow.