Internet Bug Bounty: CVE-2024-25128: Apache Airflow: Authentication Bypass when Legacy OpenID(2.0) is in use as AUTH_TYPE
CVE-2024-25128: Apache Airflow: Authentication Bypass when Legacy OpenID2.0 is in use as AUTHTYPE. When OpenID2.0 was used as the Authentication Type, an attacker could forge authentication to any existing account in the target Airflow installation by deceiving the backend to trust arbitrary Open...