CVE-2022-46651
Apache Airflow information disclosure vulnerability
6.5
MEDIUM
CVSS 3.1
EPSS 0.17%
Description
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability.
How to fix CVE-2022-46651
To remediate CVE-2022-46651, upgrade the affected package to a fixed version below.
- —upgrade to 2.6.3 or later
- —upgrade to 2.6.3 or later
- —upgrade to 2.6.3 or later
Is CVE-2022-46651 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 2.6.3
- from 0, < 2.6.3
- from 0, < 2.6.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |