SCA: security update for airflow (GHSA-46c3-5xc5-wwhv)

high Tenable Self-Hosted Container Security Plugin ID 409993

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration
variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log
sensitive configuration variables. Unauthorized users could access these logs, potentially exposing
critical data that could be exploited to compromise the security of the Airflow deployment. In version
2.10.3, secrets are now masked in task logs to prevent sensitive configuration variables from being
exposed in the logging output. Users should upgrade to Airflow 2.10.3 or the latest version to eliminate
this vulnerability. If you suspect that DAG authors could have logged the secret values to the logs and
that your logs are not additionally protected, it is also recommended that you update those secrets.
(CVE-2024-45784)

See Also

https://github.com/advisories/GHSA-46c3-5xc5-wwhv

Plugin Details

Severity: High

ID: 409993

Version: Revision 1.17

Type: Local

Family: SCA Checks

Published: 1/23/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.73

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2024-45784

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 11/15/2024

Vulnerability Publication Date: 11/15/2024

Reference Information

CVE: CVE-2024-45784