Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Apache Airflow default credentials - Vulnerability Database

Apache Airflow default credentials

Description

Apache Airflow is an open-source workflow management platform for data engineering pipelines.

Invicti determined that it is possible to access the Apache Airflow by using the default credentials. You should change these default credentials. Airflow is designed to be accessed by trusted clients inside trusted environments. It's not recommended to have it publicly accessible.

Remediation

Change the default administrative credentials for Apache Airflow

References

Airflow Security

Related Vulnerabilities

PrimeFaces 5.x Expression Language injection High
Common tags: Default Credentials
Oracle PeopleSoft SSO weak secret key High
Common tags: Default Credentials
Apache APISIX default token (CVE-2020-13945/CVE-2022-24112) Medium
Common tags: Default Credentials
Unrestricted access to Haproxy Data Plane API High
Common tags: Default Credentials
RethinkDB administrative interface publicly exposed High
Common tags: Default Credentials

Severity

High

Classification

CWE-798
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Default Credentials