2 matches found
CVE-2021-26697
The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can jus...
CVE-2021-26697
CVE-2021-26697 affects Apache Airflow 2.0.0: the lineage endpoint of the deprecated Experimental API is not protected by authentication, allowing unauthenticated access to metadata about a DAG and its tasks. This is described as a low-severity issue with a low attack surface, requiring the attack...