Miggo Logo
Miggo Vulnerability Database
CVE-2023-25956

CVE-2023-25956: Apache Airflow AWS Provider Generates Error Message Containing Sensitive Information

7.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2023-25956
GHSA ID
GHSA-w695-p3j5-hrj9
EPSS Score
0.52296%
CWE
CWE-209
Published
2/24/2023
Updated
3/6/2023
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
apache-airflow-providers-amazonpip< 7.2.17.2.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from improper exception handling during AWS config file parsing. The patch in PR #29587 explicitly wraps configparser exceptions to prevent leakage of sensitive data. The _read_credentials_file function (or equivalent config parsing logic) would be the primary location where raw exceptions from configparser.RawConfigParser.read() could propagate, exposing file contents in error messages before version 7.2.1.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

**n*r*tion o* *rror M*ss*** *ont*inin* S*nsitiv* In*orm*tion vuln*r**ility in t** *p**** *ir*low *WS Provi**r. T*is issu* *****ts *p**** *ir*low *WS Provi**r v*rsions ***or* *.*.*.

Reasoning

T** vuln*r**ility st*ms *rom improp*r *x**ption **n*lin* *urin* *WS *on*i* *il* p*rsin*. T** p*t** in PR #***** *xpli*itly wr*ps *on*i*p*rs*r *x**ptions to pr*v*nt l**k*** o* s*nsitiv* **t*. T** _r***_*r***nti*ls_*il* *un*tion (or *quiv*l*nt *on*i* p