In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed [core] max_templated_field_length, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include user-registered mask_secret() patterns, so secrets were not reliably masked before truncation and display. Users are recommended to upgrade to 3.1.6 or later, which fixes this issue.
Apache Airflow versions prior to 3.1.6 are vulnerable to a sensitive information disclosure flaw. Anyone able to view the Rendered Templates UI can read cleartext secrets contained in over-length rendered template fields, potentially leading to unauthorized access to the systems and data those secrets protect. Upgrading to version 3.1.6 or later is the fix for this risk.
Step 1: Template Creation: An Airflow DAG (Directed Acyclic Graph) is created with template fields containing sensitive information (e.g., API keys, database passwords). These fields are often used within operators like BashOperator or PythonOperator.
Step 2: DAG Execution: The DAG is executed, and the template fields are rendered. This process substitutes variables and expressions within the templates with their actual values.
Step 3: Field Length Exceedance: The rendered template field's length exceeds the configured max_templated_field_length setting in the Airflow configuration.
Step 4: Serialization and Masking: The rendered template is serialized for display in the Rendered Templates UI. Due to the vulnerability, the secrets masking mechanism fails to apply user-defined masking patterns.
Step 5: Cleartext Exposure: The sensitive information within the template is displayed in cleartext within the Rendered Templates UI, despite the length truncation. Attackers can then view these secrets.
The vulnerability stems from a flaw in how Apache Airflow masks sensitive data within rendered templates. Specifically, when a rendered template field exceeds the max_templated_field_length configuration, the serialization path redacts the value with a secrets masker instance that, in vulnerable versions, does not include the user-registered mask_secret() patterns. Consequently, secrets are not reliably masked before the field is truncated and displayed in the Rendered Templates UI. The root cause is the incorrect instantiation or configuration of the secrets masking mechanism on that path, which bypasses the intended protection. This allows sensitive information, such as API keys, database credentials, and other secrets, to be exposed in plain text within the UI, potentially enabling attackers to gain unauthorized access to critical resources.
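The following is an added, self-contained model of the failure described in the steps above and in the root-cause paragraph; it is not Airflow's code. The `SecretsMasker` class, the `mask_secret()`/`serialize_*` function names, the `[truncated]` marker, the constructed API key and the constructed rendered Bash command are all assumptions made for illustration. It contrasts the vulnerable path (a fresh masker with no user patterns), the corrected path (the shared masker, redacting before truncation) and a third variant that truncates before redacting, to show why the order matters when the cut falls inside a secret. `leaks_secret()` is a small checker a defender could reuse against exported Rendered Templates output.

```python
"""Toy model of secret masking vs. truncation of rendered template fields.
Constructed example; none of these names are Airflow's own API."""

# ---- a minimal secrets masker (constructed) --------------------------------
class SecretsMasker:
    """Holds registered secret strings and replaces them with '***'."""

    def __init__(self) -> None:
        self.patterns: set[str] = set()

    def add_mask(self, secret: str) -> None:
        # Ignore empty/very short values so masking cannot corrupt unrelated text
        # (constructed threshold, not Airflow's).
        if secret and len(secret) >= 5:
            self.patterns.add(secret)

    def redact(self, text: str) -> str:
        # Longest patterns first so a long secret is never partially masked by
        # a shorter one that is its substring.
        for pattern in sorted(self.patterns, key=len, reverse=True):
            text = text.replace(pattern, "***")
        return text


# Process-wide masker that user code feeds via mask_secret(), as in step 1.
_global_masker = SecretsMasker()


def mask_secret(secret: str) -> None:
    """User-facing registration hook (constructed analogue)."""
    _global_masker.add_mask(secret)


def truncate(value: str, max_length: int) -> str:
    """Cut an over-length field and append a constructed marker."""
    if len(value) > max_length:
        return value[:max_length] + "... [truncated]"
    return value


# ---- three serialization paths ---------------------------------------------
def serialize_rendered_field_vulnerable(value: str, max_length: int) -> str:
    # Bug being modelled: a *fresh* masker carries no user-registered patterns,
    # so redact() is a no-op and the secret survives into the UI.
    masker = SecretsMasker()
    return truncate(masker.redact(value), max_length)


def serialize_rendered_field_fixed(value: str, max_length: int) -> str:
    # Corrected behaviour: use the shared masker and redact BEFORE truncating.
    return truncate(_global_masker.redact(value), max_length)


def serialize_truncate_first(value: str, max_length: int) -> str:
    # Wrong order: truncation can slice through the secret, leaving a fragment
    # that exact-match redaction no longer recognises.
    return _global_masker.redact(truncate(value, max_length))


# ---- defender-side check ---------------------------------------------------
def leaks_secret(output: str, secret: str, min_fragment: int = 8) -> bool:
    """True if the full secret, or any contiguous fragment of it at least
    min_fragment characters long, appears in output (constructed heuristic)."""
    if len(secret) < min_fragment:
        return secret in output
    return any(secret[i:i + min_fragment] in output
               for i in range(len(secret) - min_fragment + 1))


# ---- constructed sample input ------------------------------------------------
SECRET = "sk_live_CONSTRUCTED_EXAMPLE_KEY_0123456789"   # constructed, not real
RENDERED = (
    f"curl -H 'Authorization: Bearer {SECRET}' "
    "https://api.example.invalid/v1/export --data '" + "x" * 200 + "'"
)
MAX_LEN = 120  # small constructed limit so the field is over-length


def demo(max_length: int = MAX_LEN) -> dict[str, str]:
    """Register the secret as user code would, then run all three paths."""
    mask_secret(SECRET)
    return {
        "vulnerable": serialize_rendered_field_vulnerable(RENDERED, max_length),
        "fixed": serialize_rendered_field_fixed(RENDERED, max_length),
        "truncate_first": serialize_truncate_first(RENDERED, max_length),
    }


if __name__ == "__main__":
    for limit in (MAX_LEN, 50):
        print(f"--- max_templated_field_length = {limit}")
        for name, out in demo(limit).items():
            print(f"{name:15s} leaks={leaks_secret(out, SECRET)!s:5s} {out}")
```

With the limit at 120 the whole secret fits before the cut, so the vulnerable path shows it in full while both masker-first and truncate-first paths are clean. With the limit at 50 the cut lands inside the key: the vulnerable path still leaks a 19-character prefix, the fixed path stays clean because `***` was substituted before truncation, and the truncate-first path leaks the same prefix even though the masker is correctly populated. Redacting before truncating is therefore a necessary part of the fix, not only using the right masker instance.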