Skip to content

Commit ed616d3

Browse files
advisory-database[bot]advisory-database[bot]
committed
1 parent 1f304e6 commit ed616d3

File tree

1 file changed

+36
-4
lines changed

1 file changed

+36
-4
lines changed

advisories/unreviewed/2025/12/GHSA-fv47-pqh6-wxgq/GHSA-fv47-pqh6-wxgq.json renamed to advisories/github-reviewed/2025/12/GHSA-fv47-pqh6-wxgq/GHSA-fv47-pqh6-wxgq.json

Lines changed: 36 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,28 +1,60 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-fv47-pqh6-wxgq",
4-
"modified": "2025-12-15T21:30:30Z",
4+
"modified": "2025-12-16T17:50:22Z",
55
"published": "2025-12-15T12:30:27Z",
66
"aliases": [
77
"CVE-2025-66388"
88
],
9+
"summary": "Apache Airflow exposes secret values to authenticated UI users via rendered templates",
910
"details": "A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization.\n\nUsers are recommended to upgrade to version 3.1.4, which fixes this issue.",
1011
"severity": [
1112
{
1213
"type": "CVSS_V3",
1314
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
1415
}
1516
],
16-
"affected": [],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "PyPI",
21+
"name": "apache-airflow"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "3.1.0"
29+
},
30+
{
31+
"fixed": "3.1.5"
32+
}
33+
]
34+
}
35+
],
36+
"database_specific": {
37+
"last_known_affected_version_range": "< 3.1.4"
38+
}
39+
}
40+
],
1741
"references": [
1842
{
1943
"type": "ADVISORY",
2044
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66388"
2145
},
46+
{
47+
"type": "WEB",
48+
"url": "https://github.com/apache/airflow/pull/58767"
49+
},
2250
{
2351
"type": "WEB",
2452
"url": "https://github.com/apache/airflow/pull/58772"
2553
},
54+
{
55+
"type": "PACKAGE",
56+
"url": "https://github.com/apache/airflow"
57+
},
2658
{
2759
"type": "WEB",
2860
"url": "https://lists.apache.org/thread/mv9hzsx8grjf7gdlkxwppnpbtogtls2g"
@@ -37,8 +69,8 @@
3769
"CWE-201"
3870
],
3971
"severity": "MODERATE",
40-
"github_reviewed": false,
41-
"github_reviewed_at": null,
72+
"github_reviewed": true,
73+
"github_reviewed_at": "2025-12-16T17:50:22Z",
4274
"nvd_published_at": "2025-12-15T12:15:40Z"
4375
}
4476
}

0 commit comments

Comments
 (0)