Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Apache Airflow Unauthorized Access Vulnerability - Vulnerability Database

Apache Airflow Unauthorized Access Vulnerability

Description

Apache Airflow is an open-source workflow management platform for data engineering pipelines.

Invicti determined that it was possible to access Airflow Web interface without authentication. Airflow is designed to be accessed by trusted clients inside trusted environments. It's not recommended to have it publicly accessible.

Remediation

Restrict public access and upgrade to the latest version of Airflow

References

Misconfigured Airflows Leak Thousands of Credentials from Popular Services

Related Vulnerabilities

ColdFusion administrator login page publicly available Low
Common tags: Insecure Admin Access
Unrestricted access to Odoo DB manager High
Common tags: Insecure Admin Access
Fortinet Authentication bypass on administrative interface High
Common tags: Insecure Admin Access
Apache APISIX default token (CVE-2020-13945/CVE-2022-24112) Medium
Common tags: Insecure Admin Access
Unauthorized Access to a web app installer Medium
Common tags: Insecure Admin Access

Severity

High

Classification

CWE-200
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Insecure Admin Access