Lucene search
ApacheCVELIST:CVE-2021-26559HistoryFeb 17, 2021 - 2:15 p.m.
CVE-2021-26559 CWE-284 Improper Access Control on Configurations Endpoint for the Stable API
2021-02-1714:15:14
CWE-284
apache
www.cve.org
5
cve-2021-26559
cwe-284
access control
apache airflow
privilege escalation
security vulnerability
stable api
EPSS
0.001
Percentile
38.9%
Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when [webserver] expose_config is set to False in airflow.cfg. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0.
CNA Affected
[
{
"product": "Apache Airflow",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "Apache Airflow 2.0.0"
}
]
}
]Related
osv
osv
PYSEC-2021-2
2021-02-17 15:15:00
BIT-airflow-2021-26559
2024-03-06 10:59:45
Improper Access Control in Apache Airflow
2021-04-07 21:05:57
nvd
nvd
CVE-2021-26559
2021-02-17 15:15:13
veracode
veracode
Privilege Escalation
2021-04-08 06:05:43
prion
prion
Improper access control
2021-02-17 15:15:00
github
github
Improper Access Control in Apache Airflow
2021-04-07 21:05:57
cve
cve
CVE-2021-26559
2021-02-17 15:15:13