Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-46215

Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not about accessing the logs. This issue affects Apache Airflow Celery provider: from 3.3.0 through 3.4.0; Apache Airflow: from 1.10.0 through 2.6.3. Users are recommended to upgrade Airflow Celery provider to version 3.4.1 and Apache Airlfow to version 2.7.0 which fixes the issue.

Published

2023-10-28T08:15:07.553

Last Modified

2025-06-12T15:15:33.923

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-532

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	airflow	< 2.7.0	Yes
Application	apache	airflow_celery_provider	≤ 3.4.0	Yes

References

http://www.openwall.com/lists/oss-security/2023/10/28/1 Mailing List, Third Party Advisory ([email protected])
https://github.com/apache/airflow/pull/34954 Patch ([email protected])
https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n Mailing List, Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2023/10/28/1 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/apache/airflow/pull/34954 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n Mailing List, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)