CVE-2023-25956 – apache-airflow-providers-amazon

Package

Manager: pip
Name: apache-airflow-providers-amazon
Vulnerable Version: >=0 <7.2.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00293 pctl0.52221

Details

Apache Airflow AWS Provider Generates Error Message Containing Sensitive Information Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider. This issue affects Apache Airflow AWS Provider versions before 7.2.1.

Metadata

Created: 2023-02-24T12:31:20Z
Modified: 2023-03-06T19:38:25Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-w695-p3j5-hrj9/GHSA-w695-p3j5-hrj9.json
CWE IDs: ["CWE-209"]
Alternative ID: GHSA-w695-p3j5-hrj9
Finding: F037
Auto approve: 1