Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-5ufe-1rrj-rkgp
Vulnerability ID VCID-5ufe-1rrj-rkgp
Aliases CVE-2022-27949
GHSA-fvw2-2pf7-77vw
PYSEC-2022-42981
Summary A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
System Score Found at
epss 0.01636 https://api.first.org/data/v1/epss?cve=CVE-2022-27949
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-fvw2-2pf7-77vw
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-27949
https://github.com/apache/airflow/commit/09be0c5c7e847dda1d0be5776f8d5e327ff2281a
https://github.com/apache/airflow/commit/1cbb0ad26dd17f218c6ab1c2ae59b262c443a443
https://github.com/apache/airflow/pull/22754
https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42981.yaml
https://lists.apache.org/thread/n38oc5obb48600fsvnbopxcs0jpbp65p
http://www.openwall.com/lists/oss-security/2022/11/14/3
CVE-2022-27949 https://nvd.nist.gov/vuln/detail/CVE-2022-27949
GHSA-fvw2-2pf7-77vw https://github.com/advisories/GHSA-fvw2-2pf7-77vw
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.82237
EPSS Score 0.01636
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T20:31:01.071536+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow/PYSEC-2022-42981.yaml 38.6.0