Database Storage Vulnerability in Django-Celery-Results by Celery
CVE-2020-17495

7.5HIGH

Key Information:

Vendor: Django-celery-results Project
Status: Django-celery-results
Vendor: CVE Published:; 11 August 2020

Summary

The django-celery-results library up to version 1.2.1 has a significant vulnerability where it stores task results in the database, potentially including sensitive information passed as variables into tasks. This data is stored in cleartext, increasing the risk of unauthorized access and exposure of sensitive information. It is crucial for users of this library to implement proper encryption measures and review their database storage practices to mitigate these risks.

References

https://github.com/celery/django-celery-results/issues/142

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 11, 2020
Vulnerability Reserved
Aug 11, 2020