CVE-2021-26559: Improper Privilege Management
(updated )
Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when [webserver] expose_config
is set to False
in airflow.cfg
. This allowed a privilege escalation attack. This issue affects Apache Airflow
References
Detect and mitigate CVE-2021-26559 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →