Low severityNVD Advisory· Published Dec 14, 2020· Updated Feb 13, 2025
CVE-2020-17511
CVE-2020-17511
Description
In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
apache-airflowPyPI | < 1.10.13 | 1.10.13 |
Affected products
3- osv-coords2 versions
< 1.10.13+ 1 more
- (no CPE)range: < 1.10.13
- (no CPE)range: < 1.10.13
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-cvcq-gmc3-q6m8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-17511ghsaADVISORY
- github.com/apache/airflow/commit/4e32546faf227a6497ce8b282fff7450cae6f665ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-262.yamlghsaWEB
- lists.apache.org/thread.html/ree782a29d927b96bf0b39fb92e2f1f09ea3112a985f7a08ce93765ac%40%3Cusers.airflow.apache.org%3Eghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.