Vulnerability Description
Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider. This issue affects Apache Airflow AWS Provider versions before 7.2.1.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Apache-Airflow-Providers-Amazon | < 7.2.1 |
Related Weaknesses (CWE)
References
- https://github.com/apache/airflow/pull/29587Patch
- https://lists.apache.org/thread/07pl9y4gdpw2c6rzqm77dvkm2z2kb5gvMailing ListVendor Advisory
- https://github.com/apache/airflow/pull/29587Patch
- https://lists.apache.org/thread/07pl9y4gdpw2c6rzqm77dvkm2z2kb5gvMailing ListVendor Advisory
FAQ
What is CVE-2023-25956?
CVE-2023-25956 is a vulnerability with a CVSS score of 7.5 (HIGH). Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider. This issue affects Apache Airflow AWS Provider versions before 7.2.1.
How severe is CVE-2023-25956?
CVE-2023-25956 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-25956?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Apache-Airflow-Providers-Amazon.