CVE-2026-49486
Status: Received - Intake
FTPS Data Channel Cleartext Transmission in Apache Airflow FTP Provider

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Apache Software Foundation

Description
The Apache Airflow FTP provider's `FTPSHook.get_conn()` created an `ftplib.FTP_TLS` connection but never called `prot_p()`, so although the control channel was TLS-protected the data channel was transmitted in cleartext. Any deployment using `FTPSHook` or `FTPSFileTransmitOperator` to move files over FTPS exposed file contents and credentials-in-transit to a network attacker able to observe the data connection. Upgrade apache-airflow-providers-ftp to `3.15.1` or later, which issues `PROT P` to encrypt the data channel.
Affected Vendors & Products
1 associated CPE:
Vendor: apache
Product: apache_airflow_providers_ftp
Version / Range: 3.15.1
CWE-319: The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Executive Summary

The vulnerability in Apache Airflow's FTP provider involves the FTPSHook.get_conn() method creating an FTP_TLS connection without calling prot_p(), the method that issues the PROT P command. This means that while the control channel was protected by TLS, the data channel was transmitted in cleartext.

As a result, any deployment using FTPSHook or FTPSFileTransmitOperator to move files over FTPS exposed the file contents and credentials in transit to network attackers who could observe the data connection.

The issue was fixed by upgrading apache-airflow-providers-ftp to version 3.15.1 or later, which issues the PROT P command to encrypt the data channel, securing the entire FTPS connection.

Impact Analysis

This vulnerability can expose sensitive file contents and credentials transmitted over FTPS to network attackers capable of observing the data connection.

An attacker could intercept and read data that was supposed to be encrypted, leading to potential data breaches, unauthorized access, and compromise of confidential information.

Detection Guidance

On the wire, the vulnerability shows up as an FTPS session whose control channel is TLS-protected (after AUTH TLS) but whose data connections are not: PROT P is never negotiated, so file transfers and directory listings cross the network in cleartext.

Specifically, capture traffic between the Airflow worker and the FTPS server and check whether the data-connection packets are TLS records or plaintext.

Commands to help detect this include using packet capture tools like tcpdump or Wireshark to inspect FTPS sessions:

  • tcpdump -i <interface> -w ftps_capture.pcap 'port 21 or port 990'
  • Use Wireshark to open the capture file and check whether the data channel packets are TLS records or plaintext.

Note that a filter on ports 21 and 990 captures only the control channel; in passive mode the data connection uses an ephemeral port chosen by the server, so widen the filter to the server's passive port range (or capture all traffic to the server host) to see the data channel.

If you observe FTP data channel traffic in cleartext (e.g., file contents or credentials), PROT P was not negotiated and the vulnerable code path is in use. A quicker first check is to compare the installed package version against 3.15.1, for example with `pip show apache-airflow-providers-ftp`.

Mitigation Strategies

The immediate mitigation step is to upgrade the apache-airflow-providers-ftp package to version 3.15.1 or later.

This upgrade ensures that the FTPSHook issues the PROT P command to encrypt the data channel, protecting file contents and credentials in transit.

Until the upgrade is applied, avoid using FTPSHook or FTPSFileTransmitOperator for transferring files over FTPS, as they expose data to network attackers.
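The defect from the Description and the fix this section asks for, as an added example in plain Python (not the provider's own code): the vulnerable and hardened connection flows side by side, plus a constructed offline stand-in that records the control-channel commands instead of opening sockets. The host and credentials are placeholders, and data_channel_protected() reads CPython's private ftplib flag _prot_p, which is an implementation detail rather than a public API.

```python
import ssl
from ftplib import FTP_TLS


def connect_ftps_vulnerable(host, user, password, client=FTP_TLS):
    """Mirrors the defect: AUTH TLS protects the control channel (USER/PASS,
    RETR/STOR commands) but prot_p() is never called, so ftplib leaves every
    data connection (file contents, directory listings) in cleartext."""
    conn = client(host, context=ssl.create_default_context())
    conn.login(user, password)
    return conn


def connect_ftps_hardened(host, user, password, client=FTP_TLS):
    """Hardened form, equivalent to what the 3.15.1 fix does: negotiate PROT P
    before any transfer so ftplib TLS-wraps each data socket in ntransfercmd()."""
    conn = client(host, context=ssl.create_default_context())
    conn.login(user, password)
    conn.prot_p()  # sends "PBSZ 0" then "PROT P" on the TLS control channel
    return conn


def data_channel_protected(conn):
    """True if ftplib will wrap data connections in TLS. Relies on the CPython
    ftplib private flag _prot_p that prot_p()/prot_c() toggle (assumption)."""
    return bool(getattr(conn, "_prot_p", False))


class RecordingFTPS(FTP_TLS):
    """Constructed offline stand-in: records control-channel commands instead
    of opening sockets, so the two flows can be compared without a server."""

    def __init__(self, host, *, context):
        super().__init__(context=context)  # empty host -> FTP_TLS does not connect()
        self.host = host
        self.sent = []

    def login(self, user="", passwd="", acct="", secure=True):
        self.sent += ["AUTH TLS", f"USER {user}", "PASS ********"]
        return "230 Logged in"

    def voidcmd(self, cmd):  # prot_p() routes PBSZ/PROT through here
        self.sent.append(cmd)
        return "200 OK"


if __name__ == "__main__":
    for connect in (connect_ftps_vulnerable, connect_ftps_hardened):
        c = connect("ftps.example.internal", "airflow", "s3cret", client=RecordingFTPS)
        print(connect.__name__, c.sent, "data channel TLS:", data_channel_protected(c))
```

With the real FTP_TLS client the only difference between the two flows is the prot_p() call, which is exactly what the fixed provider adds.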

Compliance Impact

The vulnerability in Apache Airflow's FTP provider causes the FTPS data channel to be transmitted in cleartext, exposing file contents and credentials-in-transit to network attackers.

This exposure of sensitive data during transmission can lead to non-compliance with common security standards and regulations such as GDPR and HIPAA, which require protection of personal and sensitive information in transit.

By not encrypting the data channel, deployments using the affected FTPSHook or FTPSFileTransmitOperator risk violating these regulations' requirements for data confidentiality and integrity during transmission.

Upgrading to apache-airflow-providers-ftp version 3.15.1 or later, which properly secures the data channel with the PROT P command, mitigates this risk and helps maintain compliance.
