2 matches found
The default installation configuration “[webserver] secret_key” of the Airflow data processing software’s creation, monitoring, and orchestration tools makes it possible for a malicious individual to gain unauthorized access to an external web server.
The vulnerability of the default installation configuration “webserver secretkey” in software for creating, monitoring, and orchestrating Airflow data processing scenarios is related to the use of pre-installed credentials. Exploiting this vulnerability could allow an attacker, operating remotely...
PT-2020-6687 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 1.10.14 Description: The issue is related to incorrect session validation in the Apache Airflow web server, caused by the use of a default configuration that includes a pre-set secret key. This allows a...