nuclei-templates/cves/2020/CVE-2020-13927.yaml

31 lines
1.4 KiB
YAML
Raw Normal View History

2021-06-03 08:53:34 +00:00
id: CVE-2020-13927
info:
name: Unauthenticated Airflow Experimental REST API
author: pdteam
severity: critical
description: 'The previous default setting for Airflow''s Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the
default has been changed to deny all requests by default and is documented at https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Note this change fixes it for new installs but existing
users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide: https://github.com/apache/airflow/blob/1.10.11/UPDATING.md#experimental-api-will-deny-all-request-by-default'
reference:
- https://lists.apache.org/thread.html/r23a81b247aa346ff193670be565b2b8ea4b17ddbc7a35fc099c1aadd%40%3Cdev.airflow.apache.org%3E
- http://packetstormsecurity.com/files/162908/Apache-Airflow-1.10.10-Remote-Code-Execution.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-13927
tags: cve,cve2020,apache,airflow,unauth
2021-06-03 08:53:34 +00:00
requests:
- method: GET
path:
- '{{BaseURL}}/api/experimental/latest_runs'
matchers:
- type: word
words:
- '"dag_run_url":'
- '"dag_id":'
- '"items":'
condition: and