What is the vulnerability ID?

The vulnerability ID is CVE-2023-46215.

What is the severity of CVE-2023-46215?

The severity of CVE-2023-46215 is high with a severity value of 7.5.

What software is affected by CVE-2023-46215?

Apache Airflow and Apache Airflow Celery provider are affected by CVE-2023-46215.

What is the impact of CVE-2023-46215?

Sensitive information is logged as clear text when certain protocols are used as Celery result backend.

Are there any fixes or patches available for CVE-2023-46215?

Yes, please refer to the references for the fix and patch information.

Vulnerability/
CVE-2023-46215

high

7.5

CWE

532

28/10/2023

8/11/2023

CVE-2023-46215: Apache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend

First published: Sat Oct 28 2023(Updated: )

Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not about accessing the logs. This issue affects Apache Airflow Celery provider: from 3.3.0 through 3.4.0; Apache Airflow: from 1.10.0 through 2.6.3. Users are recommended to upgrade Airflow Celery provider to version 3.4.1 and Apache Airlfow to version 2.7.0 which fixes the issue.

Credit: security@apache.org security@apache.org

Affected Software	Affected Version	How to fix
Apache Airflow	>=1.10.0<2.7.0
Apache Airflow Celery provider	>=3.3.0<=3.4.0
pip/apache-airflow	>=1.10.0<2.7.0	2.7.0
pip/apache-airflow-providers-celery	>=3.3.0<3.4.1	3.4.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2023-46215.
What is the severity of CVE-2023-46215?
The severity of CVE-2023-46215 is high with a severity value of 7.5.
What software is affected by CVE-2023-46215?
Apache Airflow and Apache Airflow Celery provider are affected by CVE-2023-46215.
What is the impact of CVE-2023-46215?
Sensitive information is logged as clear text when certain protocols are used as Celery result backend.
Are there any fixes or patches available for CVE-2023-46215?
Yes, please refer to the references for the fix and patch information.

collector/oss-sec
alias/CVE-2023-46215
collector/mitre-cve
collector/nvd-api
collector/github-advisory-latest
alias/GHSA-666g-rfc5-c9jv
collector/nvd-cve
collector/github-advisory
agent/severity
agent/author
agent/references
agent/title
agent/weakness
agent/description
agent/type
agent/tags
agent/event
vendor/apache
canonical/apache airflow
version/apache airflow/1.10.0
canonical/apache airflow celery provider
version/apache airflow celery provider/3.3.0
version/apache airflow celery provider/3.4.0
package-manager/pip

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.