In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, whether it be via XSS or by leaving a machine unlocked can exfiltrate all credentials from the system.
References
Configurations
History
21 Nov 2024, 03:18
Type | Values Removed | Values Added |
---|---|---|
References | () https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57%40%3Cdev.airflow.apache.org%3E - |
07 Nov 2023, 02:41
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2019-01-23 17:29
Updated : 2024-11-21 03:18
NVD link : CVE-2017-17836
Mitre link : CVE-2017-17836
CVE.ORG link : CVE-2017-17836
JSON object : View
Products Affected
apache
- airflow
CWE
CWE-255
Credentials Management Errors