CVE-2024-45784
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-45784 is a vulnerability affecting Apache Airflow versions before 2.10.3. This issue enables unintended or deliberate logging of sensitive configuration variables in task logs. The exposure of such data poses a risk to the security of Airflow deployments, as unauthorized users could potentially access these logs and exploit the information. Version 2.10.3 addresses the issue by masking secrets in task logs. It is strongly recommended that users upgrade to this version or the latest release to mitigate the vulnerability. Those suspecting that secret values have been logged in unsecured logs should also take steps to update those secrets.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Apache Airflow
Affected Vendors
- Apache Software Foundation