CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
apache_airflow is vulnerable to Unauthorized Access. The vulnerability is due to the lack of default authentication in the Experimental API, which allows API requests without verification, resulting in sensitive information exposure.
packetstormsecurity.com/files/162908/Apache-Airflow-1.10.10-Remote-Code-Execution.html
packetstormsecurity.com/files/174764/Apache-Airflow-1.10.10-Remote-Code-Execution.html
airflow.apache.org/docs/apache-airflow/1.10.11/security.html#api-authentication
github.com/advisories/GHSA-hhx9-p69v-cx2j
github.com/apache/airflow/commit/180bca4f993b7b778a8d2c65d3d357652218922b
github.com/apache/airflow/commit/9e305d6b810a2a21e2591a80a80ec41acb3afed0
github.com/apache/airflow/commit/c8053e166d45ad519c0a1cd4480e025a759c176e
github.com/apache/airflow/pull/9611
lists.apache.org/thread.html/r23a81b247aa346ff193670be565b2b8ea4b17ddbc7a35fc099c1aadd%40%3Cdev.airflow.apache.org%3E
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low