Количество 3
Количество 3
CVE-2021-26559
Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0.
CVE-2021-26559
Improper Access Control on Configurations Endpoint for the Stable API ...
GHSA-ffw3-6mp6-jmvj
Improper Access Control in Apache Airflow
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-26559 Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0. | CVSS3: 6.5 | 1% Низкий | почти 5 лет назад |
| CVE-2021-26559 Improper Access Control on Configurations Endpoint for the Stable API ... | CVSS3: 6.5 | 1% Низкий | почти 5 лет назад |
| GHSA-ffw3-6mp6-jmvj Improper Access Control in Apache Airflow | CVSS3: 6.5 | 1% Низкий | почти 5 лет назад |
Уязвимостей на страницу