How severe is CVE-2024-50378?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2024-50378?

This is classified as CWE-201, which is a common weakness in software security.

CVE-2024-50378

MEDIUM Year: 2024

CVSS v3 Score

4.9

Medium

Weakness Type

CWE-201

View all →

Vulnerability Description

Airflow versions before 2.10.3 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive variables were set via airflow CLI, values of those variables appeared in the audit log and were stored unencrypted in the Airflow database. While this risk is limited to users with audit log access, it is recommended to upgrade to Airflow 2.10.3 or a later version, which addresses this issue. Users who previously used the CLI to set secret variables should manually delete entries with those variables from the log table.

CVE-2020-1774

MEDIUM

CVSS:4.9(Medium)

When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys. Therefore it's possible to mix them and to send private key to the third-party instead of ...

CWE-2012020

CVE-2019-14849

MEDIUM

CVSS:4.6(Medium)

A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross site scripting attacks and gain acces...

CWE-2012019

CVE-2024-31200

MEDIUM

CVSS:4.6(Medium)

A “CWE-201: Insertion of Sensitive Information Into Sent Data” affecting the administrative account allows an attacker with physical access to the machine to retrieve the password in cleartext when an...

CWE-2012024

CVE-2020-25703

MEDIUM

CVSS:5.3(Medium)

The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. T...

CWE-2012020

CVE-2021-1129

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the authentication for the general purpose APIs implementation of Cisco Email Security Appliance (ESA), Cisco Content Security Management Appliance (SMA), and Cisco Web Security App...

CWE-2012021

CVE-2022-27779

MEDIUM

CVSS:5.3(Medium)

libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt w...

CWE-2012022

CVE-2024-50378

Vulnerability Description

Related Vulnerabilities

CVE-2020-1774

CVE-2019-14849

CVE-2024-31200

CVE-2020-25703

CVE-2021-1129

CVE-2022-27779