Nixpkgs security tracker

Untriaged

Permalink CVE-2023-46215

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

created 1 year, 2 months ago

Apache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend

Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not about accessing the logs. This issue affects Apache Airflow Celery provider: from 3.3.0 through 3.4.0; Apache Airflow: from 1.10.0 through 2.6.3. Users are recommended to upgrade Airflow Celery provider to version 3.4.1 and Apache Airlfow to version 2.7.0 which fixes the issue.

References

https://github.com/apache/airflow/pull/34954 patch
https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n vendor-advisory
http://www.openwall.com/lists/oss-security/2023/10/28/1
https://github.com/apache/airflow/pull/34954 patchx_transferred
https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n vendor-advisoryx_transferred
http://www.openwall.com/lists/oss-security/2023/10/28/1 x_transferred
https://github.com/apache/airflow/pull/34954 patch
https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n vendor-advisory
http://www.openwall.com/lists/oss-security/2023/10/28/1
https://github.com/apache/airflow/pull/34954 patch
https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n vendor-advisory
http://www.openwall.com/lists/oss-security/2023/10/28/1
https://github.com/apache/airflow/pull/34954 patchx_transferred
https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n vendor-advisoryx_transferred
http://www.openwall.com/lists/oss-security/2023/10/28/1 x_transferred
https://github.com/apache/airflow/pull/34954 patch
https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n vendor-advisory
http://www.openwall.com/lists/oss-security/2023/10/28/1
https://github.com/apache/airflow/pull/34954 patchx_transferred
https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n vendor-advisoryx_transferred
http://www.openwall.com/lists/oss-security/2023/10/28/1 x_transferred
https://github.com/apache/airflow/pull/34954 patch
https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n vendor-advisory
http://www.openwall.com/lists/oss-security/2023/10/28/1
https://github.com/apache/airflow/pull/34954 patchx_transferred
https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n vendor-advisoryx_transferred
http://www.openwall.com/lists/oss-security/2023/10/28/1 x_transferred
https://github.com/apache/airflow/pull/34954 patch
https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n vendor-advisory
http://www.openwall.com/lists/oss-security/2023/10/28/1
https://github.com/apache/airflow/pull/34954 patchx_transferred
https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n vendor-advisoryx_transferred
http://www.openwall.com/lists/oss-security/2023/10/28/1 x_transferred

Affected products

apache-airflow

<2.7.0

apache-airflow-providers-celery

=<3.4.0

Matching in nixpkgs

pkgs.apache-airflow

Programmatically author, schedule and monitor data pipelines

nixos-unstable 2.7.3
- nixpkgs-unstable 2.7.3
- nixos-unstable-small 2.7.3

Package maintainers

@ingenieroariel Ariel Nunez <ariel@nunez.co>
@gbpdt Graham Bennett <nix@pdtpartners.com>
@bhipple Benjamin Hipple <bhipple@protonmail.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.apache-airflow

Package maintainers