Improper Authorization
Discription

apache_airflow is vulnerable to improper authorization. A deactivated user is able to continue using the UI or the API with an already authenticated session due to the insufficient checks in `create_app` function.Read More

References

https://github.com/apache/airflow/commit/59707cdf7eacb698ca375b5220af30a39ca1018chttps://github.com/apache/airflow/pull/26635https://lists.apache.org/thread/ohf3pvd3dftb8zb01yngbn1jtkq5m08y

8.1 High

CVSS3

  • Attack Vector
  • Attack Complexity
  • Privileges Required
  • User Interaction
  • Scope
  • Confidentiality Impact
  • Integrity Impact
  • Availability Impact
  • Network
  • Low
  • Low
  • None
  • Unchanged
  • High
  • High
  • None

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Back to Main
Subscribe for the latest news: