Nixpkgs security tracker
NIXPKGS-2026-0033
GitHub issue
published on
Permalink
CVE-2025-68675
7.5 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): None (N)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): None (N)
by @LeSuisse Activity log
- Created suggestion
- @LeSuisse accepted
- @LeSuisse published on GitHub
Apache Airflow: proxy credentials for various providers might leak in task logs
In Apache Airflow versions before 3.1.6, the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed. Users are recommended to upgrade to 3.1.6 or later, which fixes this issue
References
Affected products
apache-airflow
- <3.1.6
Matching in nixpkgs
pkgs.apache-airflow
Programmatically author, schedule and monitor data pipelines
Package maintainers
-
@bhipple Benjamin Hipple <bhipple@protonmail.com>
-
@gbpdt Graham Bennett <nix@pdtpartners.com>
-
@ingenieroariel Ariel Nunez <ariel@nunez.co>