We use cookies to improve your experience on our site.
AVID-2026-R1211
Description
Information disclosure in Apache Airflow (CVE-2023-25695)
Details
Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2.
Reason for inclusion in AVID: CVE-2023-25695 is an information-disclosure vulnerability in Apache Airflow (pre-2.5.2). Airflow is a workflow/orchestration tool commonly used in AI/ML data pipelines to build, deploy, and run tasks. As such, this software is a component frequently involved in AI system deployments, making it a relevant software supply chain item for AI systems. The vulnerability is clearly security-related (information disclosure) and supported by the CVE/NVD references. Therefore, it should be kept for AVID curation.
References
- NVD entry
- https://github.com/apache/airflow/pull/29501
- https://lists.apache.org/thread/z8w6ckzs61ql365tv4d19k82o67r15p2
Affected or Relevant Artifacts
- Developer: Apache Software Foundation
- Deployer: Apache Software Foundation
- Artifact Details:
| Type | Name |
|---|---|
| System | Apache Airflow |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CWE
| ID | Description |
|---|---|
| CWE-209 | CWE-209 Generation of Error Message Containing Sensitive Information |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2023-03-15
- Version: 0.3.3
- AVID Entry