Lucene search
ApacheCVELIST:CVE-2020-17526HistoryDec 21, 2020 - 4:45 p.m.
CVE-2020-17526
2020-12-2116:45:13
apache
www.cve.org
2
Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for [webserver] secret_key config.
CNA Affected
[
{
"product": "Apache Airflow",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "1.10.14",
"status": "affected",
"version": "Apache Airflow",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2020-17526
2020-12-21 17:15:12
osv
osv
CVE-2020-17526
2020-12-21 17:15:12
PYSEC-2020-22
2020-12-21 17:15:00
BIT-airflow-2020-17526
2024-03-06 11:00:04
nvd
nvd
CVE-2020-17526
2020-12-21 17:15:12
nuclei
nuclei
Apache Airflow <1.10.14 - Authentication Bypass
2022-08-25 10:16:13
veracode
veracode
Insecure Default Secret Key
2020-12-22 04:35:19
prion
prion
Design/Logic Flaw
2020-12-21 17:15:00
github
github
Incorrect Session Validation in Apache Airflow
2021-04-20 16:40:27
fortinet
fortinet
Multiple vulnerabilities in Apache Airflow
2022-06-07 00:00:00