CVE-2020-17511
published 2020-12-14CVE-2020-17511: In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase…
medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | airflow | < 1.10.13 | 1.10.13 |
| apache_software_foundation | apache_airflow | >= Apache Airflow < 1.10.13 | 1.10.13 |