CNNVD-202601-2903 Information

CNNVD ID

CNNVD-202601-2903

Related CVE

CVE-2025-68675

• CNNVD Published: 2026-01-16

Description (Chinese)

Apache Airflow是美国阿帕奇（Apache）基金会的一套具有创建、管理和监控工作流程功能的开源平台。该平台具有可扩展和动态监控等特点。 Apache Airflow 3.1.6之前版本存在安全漏洞，该漏洞源于连接中的代理和代理字段未默认视为敏感信息，可能导致代理凭据在日志输出中暴露。

Description (English)

Apache Airflow is an open-source platform for the Apache Foundation in the United States with the function of creating, managing and monitoring workflows. The platform has such characteristics as scalable and dynamic monitoring. There was a security loophole in the previous version of Apache AirFlow 3.1.6, which stemmed from the fact that the proxy and proxy fields in the connection were not defaulted to be considered sensitive information and could lead to the agent’s exposure in the log output.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

阿帕奇

Published

2026-01-16

Last Modified

2026-02-24

References

https://lists.apache.org/thread/x6kply4nqd4vc4wgxtm6g9r2tt63s8c5 http://www.openwall.com/lists/oss-security/2026/01/15/6 https://access.redhat.com/security/cve/cve-2025-68675

Patch

https://lists.apache.org/thread/x6kply4nqd4vc4wgxtm6g9r2tt63s8c5