CVE-2024-45784

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 15, 2024
CWE ID 1295

Summary

CVE-2024-45784 is a vulnerability affecting Apache Airflow versions before 2.10.3. This issue enables unintended or deliberate logging of sensitive configuration variables in task logs. The exposure of such data poses a risk to the security of Airflow deployments, as unauthorized users could potentially access these logs and exploit the information. Version 2.10.3 addresses the issue by masking secrets in task logs. It is strongly recommended that users upgrade to this version or the latest release to mitigate the vulnerability. Those suspecting that secret values have been logged in unsecured logs should also take steps to update those secrets.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Apache Airflow

Affected Vendors

  • Apache Software Foundation