CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
77.5%
apache_airflow_providers_celery is vulnerable to Information Disclosure. An attacker is able to exploit this vulnerability by tricking a user into running an Airflow job that contains a malicious Celery task. The malicious task would then insert sensitive information into the Airflow logs as clear text when rediss
, amqp
or rpc
protocols are used resulting in exposure of confidential information.