Home > Vulnerability Database > CVE-2023-46215

Mend.io Vulnerability Database

CVE-2023-46215

Good to know:

Date: October 28, 2023

Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not about accessing the logs. This issue affects Apache Airflow Celery provider: from 3.3.0 through 3.4.0; Apache Airflow: from 1.10.0 through 2.6.3. Users are recommended to upgrade Airflow Celery provider to version 3.4.1 and Apache Airlfow to version 2.7.0 which fixes the issue.

Language: Python

Severity Score

7.5

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-46215

Url: http://www.openwall.com/lists/oss-security/2023/10/28/1

Url: https://github.com/apache/airflow

Url: https://github.com/apache/airflow/pull/34954

Url: https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n

Url: https://www.mend.io/vulnerability-database/CVE-2023-46215

Severity Score

7.5

Weakness Type (CWE)

Information Exposure Through Log Files

CWE-532

Top Fix

Upgrade Version

Upgrade to version apache-airflow-providers-celery - 3.4.1

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-46215

Good to know:

Date: October 28, 2023

Language: Python

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?