Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:29938
HistoryApr 08, 2021 - 6:05 a.m.

Privilege Escalation

2021-04-0806:05:43
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
apache airflow
privilege escalation
viewer
user role
sensitive information
access control
configurations endpoint
stable api
airflow.cfg

EPSS

0.001

Percentile

38.9%

JSON

apache_airflow is vulnerable to privilege escalation. Users with Viewer or User role are able to access sensitive information as it does not enforce a proper access control on Configurations Endpoint for the Stable API even if [webserver] expose_config is set to False in airflow.cfg.

Related

osv 4
nvd 1
cvelist 1
prion 1
github 1
cve 1
osv
osv
PYSEC-2021-2
2021-02-17 15:15:00
BIT-airflow-2021-26559
2024-03-06 10:59:45
Improper Access Control in Apache Airflow
2021-04-07 21:05:57
nvd
nvd
CVE-2021-26559
2021-02-17 15:15:13
cvelist
cvelist
CVE-2021-26559 CWE-284 Improper Access Control on Configurations Endpoint for the Stable API
2021-02-17 14:15:14
prion
prion
Improper access control
2021-02-17 15:15:00
github
github
Improper Access Control in Apache Airflow
2021-04-07 21:05:57
cve
cve
CVE-2021-26559
2021-02-17 15:15:13

EPSS

0.001

Percentile

38.9%

JSON
Related for VERACODE:29938
osv4nvd1cvelist1prion1github1cve1