You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Improper Access Control in Apache Airflow
Moderate severity
GitHub Reviewed
Published
Apr 7, 2021
to the GitHub Advisory Database
•
Updated Sep 12, 2024
Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when [webserver] expose_config is set to False in airflow.cfg. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0.
Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when
[webserver] expose_config
is set toFalse
inairflow.cfg
. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0.References