CVSS 3.1 Score 4.3 of 10 (medium)


Published Oct 14, 2023
Updated: Nov 16, 2023
CWE ID 200


CVE-2023-45348 is a vulnerability affecting Apache Airflow versions 2.7.0 and 2.7.1. It allows an authenticated user to access sensitive configuration information when the "expose_config" option is set to "non-sensitive-only". The default setting for this option is False. To mitigate the vulnerability, it is recommended to upgrade to a version of Apache Airflow that is not affected. This vulnerability poses a medium risk with a base severity score of 4.3, with low privileges required and no user interaction necessary. The potential danger includes the exposure of sensitive information, although the impact on integrity and availability is considered none.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-45348 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options