PT-2026-3232 · Apache · Apache Airflow
Ankit Chaurasia
+1
·
Published
2026-01-15
·
Updated
2026-02-20
·
CVE-2025-68675
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Apache Airflow versions prior to 3.1.6
Description
Apache Airflow versions before 3.1.6 did not properly handle sensitive information within proxy URLs in Connection objects. Specifically, proxy credentials embedded in the
proxies and proxy fields were not automatically masked in log output, potentially exposing them when connections were rendered or printed to logs.Recommendations
Upgrade to version 3.1.6 or later to resolve this issue.
Fix
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Airflow