Vulnerability: Apache Airflow <1.10.14 - Authentication Bypass

Apache Airflow prior to 1.10.14 contains an authentication bypass vulnerability via incorrect session validation with default configuration. An attacker on site A can access unauthorized Airflow on site B through the site A session.

Impact

Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information or unauthorized execution of arbitrary code.

Severity

high

Verified

Unknown