Описание
The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can just get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0.
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:apache:airflow:2.0.0:*:*:*:*:*:*:*
EPSS
Процентиль: 85%
0.02459
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-269
CWE-306
Связанные уязвимости
CVSS3: 5.3
debian
почти 5 лет назад
The lineage endpoint of the deprecated Experimental API was not protec ...
EPSS
Процентиль: 85%
0.02459
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-269
CWE-306