CVE-2020-17511

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Airflow versions prior to 1.10.13

Description The issue occurs when creating a user using the airflow CLI or when creating a Connection with a password field in Airflow, where the password gets logged in plain text in the Log table in Airflow Metadata.

Recommendations For versions prior to 1.10.13, update to version 1.10.13 or later to resolve the issue.

Fix

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312

Related Identifiers

BIT-AIRFLOW-2020-17511

CVE-2020-17511

GHSA-CVCQ-GMC3-Q6M8

PYSEC-2020-262

Affected Products

Airflow

CVE-2020-17511

Weakness Enumeration

Related Identifiers

Affected Products

References · 11