CVE-2025-68675

Gravedad:

Pendiente de análisis

Tipo:

CWE-532 Exposición de información a través de archivos de log

Fecha de publicación:

16/01/2026

Última modificación:

16/01/2026

Descripción

*** Pendiente de traducción *** In Apache Airflow versions before 3.1.6, the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed.<br /> <br /> Users are recommended to upgrade to 3.1.6 or later, which fixes this issue

Impacto

Referencias a soluciones, herramientas e información

https://lists.apache.org/thread/x6kply4nqd4vc4wgxtm6g9r2tt63s8c5
http://www.openwall.com/lists/oss-security/2026/01/15/6