CVE-2025-68675

Опубликовано: 16 янв. 2026

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

In Apache Airflow versions before 3.1.6, the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed.

Users are recommended to upgrade to 3.1.6 or later, which fixes this issue

Ссылки

https://lists.apache.org/thread/x6kply4nqd4vc4wgxtm6g9r2tt63s8c5
Mailing List
Vendor Advisory
http://www.openwall.com/lists/oss-security/2026/01/15/6
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*

Версия до 3.1.6 (исключая)

EPSS

Процентиль: 28%

0.001

Низкий

7.5 High

CVSS3

Дефекты

CWE-532

Связанные уязвимости

CVE-2025-68675

CVSS3: 7.5

debian

20 дней назад

In Apache Airflow versions before 3.1.6, the proxies and proxy fields ...

GHSA-7c2f-r6gc-h92h

CVSS3: 7.5

github

20 дней назад

Apache Airflow proxy credentials for various providers might leak in task logs

BDU:2026-00598

CVSS3: 7.5

fstec

22 дня назад

Уязвимость сетевого программного средства Apache Airflow, связанная с раскрытием информации через регистрационные файлы, позволяющая нарушителю раскрыть защищаемую информацию

EPSS

Процентиль: 28%

0.001

Низкий

7.5 High

CVSS3

Дефекты

CWE-532