CVE-2023-46215

CVE-2023-46215: Apache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend

Vendor Apache Software Foundation

Product Apache Airflow Celery provider

Weakness CWE-532 · Sensitive info in logs

Published October 28, 2023

Last update June 12, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not about accessing the logs. This issue affects Apache Airflow Celery provider: from 3.3.0 through 3.4.0; Apache Airflow: from 1.10.0 through 2.6.3. Users are recommended to upgrade Airflow Celery provider to version 3.4.1 and Apache Airlfow to version 2.7.0 which fixes the issue.

Key dates

Disclosure timeline

October 28, 2023 CVE published

June 12, 2025 Record updated

Identifiers

CVE CVE-2023-46215

CWE CWE-532

Affected versions

Vendor Apache Software Foundation

Product Apache Airflow Celery provider

Affected ≥ 3.3.0 and ≤ 3.4.0

Vendor Apache Software Foundation

Product Apache Airflow

Affected ≥ 1.10.0 and < 2.7.0