CVE-2021-26559

CVE-2021-26559

Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0.

Source: CVE-2021-26559

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다