Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-ygjc-77t9-yfge
Vulnerability ID VCID-ygjc-77t9-yfge
Aliases CVE-2020-17511
GHSA-cvcq-gmc3-q6m8
PYSEC-2020-262
Summary In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00487 https://api.first.org/data/v1/epss?cve=CVE-2020-17511
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2020-17511
https://github.com/advisories/GHSA-cvcq-gmc3-q6m8
https://lists.apache.org/thread.html/ree782a29d927b96bf0b39fb92e2f1f09ea3112a985f7a08ce93765ac%40%3Cusers.airflow.apache.org%3E
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.65749
EPSS Score 0.00487
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T20:20:53.616447+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow/PYSEC-2020-262.yaml 38.6.0