CVE-2017-17836

CVE-2017-17836

In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, weather it be via XSS or by leaving a machine unlocked can exfil all credentials from the system.

Source: CVE-2017-17836

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다