CVE-2024-45784

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions before 2.10.3

Description: The issue is related to the exposure of sensitive configuration variables in task logs. This could allow unauthorized users to access critical data, potentially compromising the security of the Airflow deployment. The estimated number of potentially affected devices worldwide is over 54,000, as indicated by a search on ZoomEye.

Recommendations: To resolve the issue, users should upgrade to Airflow 2.10.3 or the latest version. If you suspect that DAG authors could have logged the secret values to the logs and that your logs are not additionally protected, it is also recommended that you update those secrets.