PT-2023-8383 · Apache · Apache Airflow Celery Provider +1
Husseinawala · Published 2023-10-28 · Updated 2026-02-20 · CVE-2023-46215
| CVSS v2.0 | 7.8 High |
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Apache Airflow Celery provider versions 3.3.0 through 3.4.0
Apache Airflow versions 1.10.0 through 2.6.3
Description
The issue is the insertion of sensitive information into log files when certain protocols are used as the Celery result backend, including rediss, amqp, and rpc. The vulnerability concerns the sensitive information that ends up in the logs, not the way those logs are accessed. The number of potentially affected installations worldwide has not been estimated.
Recommendations
For Apache Airflow Celery provider versions 3.3.0 through 3.4.0, upgrade to version 3.4.1 to fix the issue.
For Apache Airflow versions 1.10.0 through 2.6.3, upgrade to version 2.7.0 to fix the issue.
As a temporary workaround, consider restricting the use of the rediss, amqp, and rpc protocols as the Celery result backend until a patch is available.
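The following is an added example, not code from Apache Airflow or from the Celery provider's own patch. It shows the two things a defender wants around this class of issue: masking the credential part of a result-backend or broker URL before it is ever formatted into a log message, and scanning existing logs for connection URLs that already carry a userinfo part so the exposed secrets can be rotated. The assumption that the sensitive value is a password embedded in a rediss://, amqp:// or rpc:// URL is the editor's framing of the advisory; the page itself only says "sensitive information". The function names, the extra redis/amqps schemes, and the sample log lines are all constructed for this example.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Result-backend schemes named in the advisory (rediss, amqp, rpc); the
# redis and amqps variants are added on the assumption that their URLs
# have the same userinfo@host shape (editor's assumption, not from the page).
BACKEND_URL_WITH_USERINFO = re.compile(
    r"\b(?:rediss?|amqps?|rpc)://[^\s/@]*@[^\s'\"]+"
)


def redact_url_credentials(url: str, keep_user: bool = True) -> str:
    """Return `url` with the password in its userinfo replaced by '***'.

    Scheme, host, port, path, query and fragment are preserved so the redacted
    form is still useful for troubleshooting. With keep_user=False the username
    is masked as well. URLs without a userinfo part are returned unchanged.
    """
    parts = urlsplit(url)
    if not parts.username and parts.password is None:
        return url  # no userinfo present, nothing to hide
    host = parts.hostname or ""  # note: urlsplit lowercases the host name
    if ":" in host:              # bare IPv6 literal must be re-bracketed
        host = f"[{host}]"
    if parts.port is not None:
        host = f"{host}:{parts.port}"
    user = parts.username if keep_user else "***"
    userinfo = user if parts.password is None else f"{user}:***"
    netloc = f"{userinfo}@{host}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


def backend_config_message(result_backend: str, broker_url: str) -> str:
    """Build the startup log line a component might emit about its Celery
    settings, masking credentials before the string is formed. This is the
    shape of mitigation the advisory calls for (editor's illustration, not
    the provider's actual fix)."""
    return (
        f"Celery result backend: {redact_url_credentials(result_backend)}; "
        f"broker: {redact_url_credentials(broker_url)}"
    )


def find_credentials_in_logs(lines):
    """Scan log lines for backend URLs that carry a userinfo component.

    Returns (line_number, redacted_url) pairs so the finding can be reported
    without re-exposing the secret.
    """
    hits = []
    for lineno, line in enumerate(lines, start=1):
        for match in BACKEND_URL_WITH_USERINFO.finditer(line):
            hits.append((lineno, redact_url_credentials(match.group(0))))
    return hits


# Constructed sample log lines (not real Airflow output): two of them embed
# a password in a connection URL, the others are clean.
SAMPLE_LOG = [
    "[2023-10-20 10:01:02] INFO - Loaded configuration from airflow.cfg",
    "[2023-10-20 10:01:03] INFO - Celery result backend: rediss://default:s3cr3t-pw@redis.internal:6380/1",
    "[2023-10-20 10:01:03] INFO - Celery broker: amqp://airflow:Br0kerP%40ss@mq.internal:5672/airflow",
    "[2023-10-20 10:01:04] INFO - Celery result backend: rediss://redis.internal:6380/1 (auth via env)",
    "[2023-10-20 10:01:05] INFO - Scheduler heartbeat ok",
]

if __name__ == "__main__":
    for lineno, url in find_credentials_in_logs(SAMPLE_LOG):
        print(f"line {lineno}: credential-bearing URL {url}")
    print(backend_config_message(
        "rediss://default:s3cr3t-pw@redis.internal:6380/1",
        "amqp://airflow:Br0kerP%40ss@mq.internal:5672/airflow",
    ))
```

The scanner is meant to run over archived logs after upgrading to the fixed provider version: any hit means the credential in that URL was written to disk in clear text and should be rotated, regardless of who could read the log file. The redaction helper keeps host, port and database path so operators can still see which backend a component connected to.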
Fix
Insertion into Log File
Weakness Enumeration
Related Identifiers
Affected Products
Apache Airflow
Apache Airflow Celery Provider