CVE-2023-46215: Log File Information Exposure in Software Foundation Apache Airflow

Severity: 7.5 HIGH (NVD)
EPSS: 0.2% (top 58.70%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 28

Description

Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend. Note: the vulnerability is about the information exposed in the logs, not about accessing the logs. This issue affects Apache Airflow Celery provider: from 3.3.0 through 3.4.0; Apache Airflow: from 1.10.0 through 2.6.3. Users are recommended to upgrade Airflow Celery provid

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (4 packages)

NVD: apache/airflow_celery_provider, 3.3.0 to 3.4.0
NVD: apache/airflow, 1.10.0 to 2.7.0
CVEListV5: apache_software_foundation/apache_airflow, 1.10.0 to 2.7.0

Vulnerability Details (3)

GHSA: Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability (2023-10-28)
CVEList: Apache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend (2023-10-28)
OSV: Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability (2023-10-28)
CVE-2023-46215 — Log File Information Exposure | cvebase