Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-FFW3-6MP6-JMVJ
HistoryApr 07, 2021 - 9:05 p.m.

Improper Access Control in Apache Airflow

2021-04-0721:05:57
Google
osv.dev
15
apache airflow
access control
privilege escalation
configuration endpoint
stable api
sensitive information

EPSS

0.001

Percentile

38.9%

JSON

Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when [webserver] expose_config is set to False in airflow.cfg. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0.

Related

osv 3
nvd 1
cvelist 1
veracode 1
prion 1
github 1
cve 1
osv
osv
PYSEC-2021-2
2021-02-17 15:15:00
BIT-airflow-2021-26559
2024-03-06 10:59:45
CVE-2021-26559
2021-02-17 15:15:13
nvd
nvd
CVE-2021-26559
2021-02-17 15:15:13
cvelist
cvelist
CVE-2021-26559 CWE-284 Improper Access Control on Configurations Endpoint for the Stable API
2021-02-17 14:15:14
veracode
veracode
Privilege Escalation
2021-04-08 06:05:43
prion
prion
Improper access control
2021-02-17 15:15:00
github
github
Improper Access Control in Apache Airflow
2021-04-07 21:05:57
cve
cve
CVE-2021-26559
2021-02-17 15:15:13

EPSS

0.001

Percentile

38.9%

JSON
Related for OSV:GHSA-FFW3-6MP6-JMVJ
osv3nvd1cvelist1veracode1prion1github1cve1