Lucene search
GoogleOSV:PYSEC-2021-2HistoryFeb 17, 2021 - 3:15 p.m.
PYSEC-2021-2
2021-02-1715:15:00
Google
osv.dev
13
improper access control
apache airflow
configuration endpoint
EPSS
0.001
Percentile
38.9%
Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when [webserver] expose_config is set to False in airflow.cfg. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0.
References
www.openwall.com/lists/oss-security/2021/02/17/1
github.com/advisories/GHSA-ffw3-6mp6-jmvj
lists.apache.org/thread.html/r3b3787700279ec361308cbefb7c2cce2acb26891a12ce864e4a13c8d%40%3Cusers.airflow.apache.org%3E
lists.apache.org/thread.html/rd142565996d7ee847b9c14b8a9921dcf80bc6bc160e3d9dca6dfc2f8@%3Cannounce.apache.org%3E
Related
nvd
nvd
CVE-2021-26559
2021-02-17 15:15:13
cvelist
cvelist
veracode
veracode
Privilege Escalation
2021-04-08 06:05:43
osv
osv
BIT-airflow-2021-26559
2024-03-06 10:59:45
Improper Access Control in Apache Airflow
2021-04-07 21:05:57
CVE-2021-26559
2021-02-17 15:15:13
prion
prion
Improper access control
2021-02-17 15:15:00
github
github
Improper Access Control in Apache Airflow
2021-04-07 21:05:57
cve
cve
CVE-2021-26559
2021-02-17 15:15:13