Lucene search
K

7 matches found

OSV
OSV
added 2021/02/17 3:15 p.m.19 views

CVE-2021-26697

The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can jus...

5.3CVSS5.3AI score
Exploits0References4
OSV
OSV
added 2021/02/17 3:15 p.m.7 views

PYSEC-2021-3

The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can jus...

5.3CVSS5.8AI score0.04555EPSS
Exploits0References6
Prion
Prion
added 2021/02/17 3:15 p.m.17 views

Authentication flaw

The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can jus...

5CVSS5.3AI score0.04555EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2021/02/17 3:15 p.m.8 views

PYSEC-2021-2

Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when webserver exposeconfig is set to False in airflow.cfg. This allowed a privilege escalation attack...

6.5CVSS6.6AI score0.02805EPSS
Exploits0References4
Cvelist
Cvelist
added 2021/02/17 2:15 p.m.24 views

CVE-2021-26697 Apache Airflow: Lineage API endpoint for Experimental API missed authentication check

The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can jus...

5.6AI score0.04555EPSS
Exploits0References4
CVE
CVE
added 2021/02/17 2:15 p.m.91 views

CVE-2021-26697

CVE-2021-26697 affects Apache Airflow 2.0.0: the lineage endpoint of the deprecated Experimental API is not protected by authentication, allowing unauthenticated access to metadata about a DAG and its tasks. This is described as a low-severity issue with a low attack surface, requiring the attack...

5.3CVSS5.2AI score0.04555EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2021/02/17 12:0 a.m.7 views

Apache Airflow 访问控制错误漏洞

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. A security vulnerability exists in Apache Airflow version 2.0.0, which stems from t...

5.3CVSS6AI score0.04555EPSS
Exploits0References6
Rows per page
Query Builder