CVE-2023-46215

Advisory

Certain versions of Apache Airflow and its Celery provider are affected by a vulnerability that results in sensitive information being logged in clear text, specifically when using the rediss, amqp, or rpc protocols as the Celery result backend. The security risk pertains to the exposure of this information within log files. Users are advised to implement upgrades that address this vulnerability to mitigate potential security risks.

Affected package

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

• https://github.com/apache/airflow/pull/34954
• https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n
• http://www.openwall.com/lists/oss-security/2023/10/28/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46215