Apache: >> Airflow >> 1.9.0 Security Vulnerabilities
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.
CVSS Score
4.8
EPSS Score
0.007
Published
2019-04-10
A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks.
CVSS Score
8.8
EPSS Score
0.004
Published
2019-04-10
In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.
CVSS Score
5.5
EPSS Score
0.009
Published
2019-02-27
The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-01-23
Page 7