CVE-2020-17511

Summary

In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache AirflowApache Airflow < 1.10.13affected

Weaknesses

  • Admin password gets logged in plain text

ADP Enrichment

CVE Program Container

Additional References

References