Vulnerability in Apache Software Foundation Airflow
CVE-2024-45784
Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables…
EPSS: 0.011 (78.0th percentile) — read the EPSS interpretation.
Affected products
- Apache Software Foundation Airflow — versions 0
Weakness classification (CWE)
References
- github.com/apache/airflow/pull/43040 (patch)
- lists.apache.org/thread/k2jm55jztlbmk4zrlh10syvq3n57hl4h (vendor-advisory)