7 matches found
Apache Airflow - Unauthenticated Variable Import
Apache Airflow Airflow =2.0.0 and =2.0.0 and 2.1.3 does not protect the variable import endpoint which allows unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution...
CVE-2021-38540
The variable import endpoint was not protected by authentication in Airflow =2.0.0, =2.0.0, 2.1.3...
acceldata-o2a (=1.0.0), acryl-datahub-airflow-plugin (>=0.9.5.1rc1 <=1.3.1.post1) +118 more potentially affected by CVE-2021-38540 via apache-airflow (>=2.0.0 <=2.1.2)
apache-airflow PYPI version =2.0.0, =0.9.5.1rc1, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =0.10.2, =0.11.0 - airflow-ditto =0.0.1.2 and more Source cves: CVE-2021-38540 Source advisory: OSV:GHSA-H88F-R7CW-8FV3...
CVE-2021-38540
creationtimestamp| type| source ---|---|--- 2021-09-09 18:29:33+00:00| seen| https://t.me/cibsecurity/28591 2023-04-27 09:58:59+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-38540.yaml...
CVE-2021-38540
The variable import endpoint was not protected by authentication in Airflow =2.0.0, =2.0.0, 2.1.3...
CVE-2021-38540 Apache Airflow: Variable Import endpoint missed authentication check
The variable import endpoint was not protected by authentication in Airflow =2.0.0, =2.0.0, 2.1.3...
CVE-2021-38540
Affected software: Apache Airflow 2.x, specifically >=2.0.0 and