Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs
June 20, 2023Rewterz Threat Alert – STOP (DJVU) Ransomware – Active IOCs
June 21, 2023Rewterz Threat Alert – An Emerging Ducktail Infostealer – Active IOCs
June 20, 2023Rewterz Threat Alert – STOP (DJVU) Ransomware – Active IOCs
June 21, 2023Severity
Medium
Analysis Summary
CVE-2023-35005
Apache Airflow could allow a remote authenticated attacker to obtain sensitive information, caused by improper authorization validation. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information in configuration view, and use this information to launch further attacks against the affected system.
Impact
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-35005
Affected Vendors
Apache
Affected Products
- Apache Airflow 2.5.0
- Apache Airflow 2.6.1
Remediation
Upgrade to the latest version of Apache Airflow, available from the Apache Web site.