CVE-2018-1000843
CVE-2018-1000843 affects Luigi prior to 2.8.0. The root issue is a CSRF vulnerability in the API endpoint /api/ that can cause leakage of Task metadata (name, id, parameters, etc.) to unauthorized users. Exploitation requires the victim to visit a specially crafted webpage from a network where th...