Lucene search
Veracode Vulnerability DatabaseVERACODE:28794HistoryDec 22, 2020 - 4:35 a.m.
Insecure Default Secret Key
2020-12-2204:35:19
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.114 Low
EPSS
Percentile
95.2%
apache-airflow uses an insecure default secret key. A default value for secret_key is set prior to creation of the application, allowing any user to gain unauthorized access to the application if the default secret key is not changed.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache-airflow | le | 1.10.13 | |
| apache-airflow | le | 1.10.13 |
Related
cve
cve
CVE-2020-17526
2020-12-21 17:15:12
osv
osv
CVE-2020-17526
2020-12-21 17:15:12
PYSEC-2020-22
2020-12-21 17:15:00
BIT-airflow-2020-17526
2024-03-06 11:00:04
nvd
nvd
CVE-2020-17526
2020-12-21 17:15:12
nuclei
nuclei
Apache Airflow <1.10.14 - Authentication Bypass
2022-08-25 10:16:13
cvelist
cvelist
CVE-2020-17526
2020-12-21 16:45:13
prion
prion
Design/Logic Flaw
2020-12-21 17:15:00
github
github
Incorrect Session Validation in Apache Airflow
2021-04-20 16:40:27
fortinet
fortinet
Multiple vulnerabilities in Apache Airflow
2022-06-07 00:00:00