Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 6:41 p.m.13 views

CVE-2021-35936

If remote logging is not used, the worker in the case of CeleryExecutor or the scheduler in the case of LocalExecutor runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG...

5.3CVSS7.1AI score0.04022EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2021/08/30 4:25 p.m.5 views

acceldata-o2a (=1.0.0), acryl-datahub-airflow-plugin (>=0.9.5.1rc1 <=1.3.1.post1) +119 more potentially affected by CVE-2021-35936 via apache-airflow (>=1.8.2 <=2.1.1)

apache-airflow PYPI version =1.8.2, =0.9.5.1rc1, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =0.10.2, =0.11.0 - airflow-ditto =0.0.1.2 and more Source cves: CVE-2021-35936 Source advisory: OSV:GHSA-M6H2-JX9V-58W6...

5.3CVSS6.3AI score0.04022EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/08/16 8:15 a.m.7 views

acceldata-o2a (=1.0.0), acryl-datahub-airflow-plugin (>=0.9.5.1rc1 <=1.3.1.post1) +119 more potentially affected by CVE-2021-35936 via apache-airflow (>=1.8.2 <=2.1.1)

apache-airflow PYPI version =1.8.2, =0.9.5.1rc1, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =0.10.2, =0.11.0 - airflow-ditto =0.0.1.2 and more Source cves: CVE-2021-35936 Source advisory: OSV:PYSEC-2021-122...

5.3CVSS6.3AI score0.04022EPSS
Exploits0
CVE
CVE
added 2021/08/16 7:25 a.m.87 views

CVE-2021-35936

Apache Airflow CVE-2021-35936 affects versions older than 2.1.2. When remote logging is not used, the worker (CeleryExecutor) or the scheduler (LocalExecutor) spins up a Flask logging server that binds to 0.0.0.0 on a specific port and lacks authentication, allowing reads of DAG job log files. Th...

5.3CVSS5.7AI score0.04022EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/08/16 7:25 a.m.25 views

CVE-2021-35936 No Authentication on Logging Server

If remote logging is not used, the worker in the case of CeleryExecutor or the scheduler in the case of LocalExecutor runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG...

5.7AI score0.04022EPSS
Exploits0References1
Rows per page
Query Builder