Описание
In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, whether it be via XSS or by leaving a machine unlocked can exfiltrate all credentials from the system.
Уязвимые конфигурации
Конфигурация 1Версия до 1.8.2 (включая)
cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00441
Низкий
9.8 Critical
CVSS3
5 Medium
CVSS2
Дефекты
CWE-255
Связанные уязвимости
CVSS3: 9.8
debian
около 7 лет назад
In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature d ...
EPSS
Процентиль: 63%
0.00441
Низкий
9.8 Critical
CVSS3
5 Medium
CVSS2
Дефекты
CWE-255