How severe is CVE-2024-45784?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-45784?

This is classified as CWE-1295, which is a common weakness in software security.

CVE-2024-45784 - HIGH Severity | CVSS 7.5

Vulnerability Description

Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially exposing critical data that could be exploited to compromise the security of the Airflow deployment. In version 2.10.3, secrets are now masked in task logs to prevent sensitive configuration variables from being exposed in the logging output. Users should upgrade to Airflow 2.10.3 or the latest version to eliminate this vulnerability. If you suspect that DAG authors could have logged the secret values to the logs and that your logs are not additionally protected, it is also recommended that you update those secrets.

Related Vulnerabilities

CVE-2023-4215

HIGH

CVSS:7.5(High)

Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials.

CWE-12952023

CVE-2023-5392

HIGH

CVSS:7.5(High)

C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the function. Honeywell recommends updating to the most recent version of the pro...

CWE-12952023

CVE-2025-31001

HIGH

CVSS:7.5(High)

Debug Messages Revealing Unnecessary Information vulnerability in TLA Media GTM Kit allows Retrieve Embedded Sensitive Data. This issue affects GTM Kit: from n/a through 2.3.1.

CWE-12952025

CVE-2025-2877

MEDIUM

CVSS:6.5(Medium)

A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook ...

CWE-12952025

CVE-2024-38516

HIGH

CVSS:8.8(High)

ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04....

CWE-12952024

CVE-2025-20643

MEDIUM

CVSS:5.7(Medium)

In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, if a malicious actor has...

CWE-12952025