oss-sec mailing list archives
CVE-2020-17511: Apache Airflow Admin password gets logged in plain text
From: Kaxil Naik <kaxilnaik () apache org>
Date: Fri, 11 Dec 2020 13:39:06 +0000
Versions Affected: < 1.10.13 Description: In Airflow < 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field. Credit: Ali Al-Habsi of Accellion Thanks, Kaxil, on behalf of Apache Airflow PMC
Current thread:
- CVE-2020-17511: Apache Airflow Admin password gets logged in plain text Kaxil Naik (Dec 11)