CVE-2017-17836
In Apache Airflow 1.8.2 and earlier, an experimental feature exposed authenticated cookies and passwords to databases used by Airflow. The vulnerability allows an attacker with limited access to Airflow—e.g., via XSS or an unlocked machine—to exfiltrate credentials from the system. Documented ref...