CVE-2021-26559

Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:airflow:2.0.0:*:*:*:*:*:*:*

Information

Published : 2021-02-17 07:15

Updated : 2022-10-24 10:02


NVD link : CVE-2021-26559

Mitre link : CVE-2021-26559


JSON object : View

Advertisement

dedicated server usa

Products Affected

apache

  • airflow