daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: cves/2020/CVE-2020-13927.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-05-16 15:35:03 -04:00
parent 74e92b8b0d
commit 249bb4e355
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cves/2020/CVE-2020-13927.yaml
View File

@ -5,7 +5,7 @@ info:
author: pdteam
severity: critical
description: Airflow's Experimental API prior 1.10.11 allows all API requests without authentication.
remediation: From Airflow 1.10.11 forward, the default has been changed to deny all requests by default. Note - this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide.
remediation: From Airflow 1.10.11 forward, the default has been changed to deny all requests by default. Note - this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide linked in the references.
reference:
- https://lists.apache.org/thread.html/r23a81b247aa346ff193670be565b2b8ea4b17ddbc7a35fc099c1aadd%40%3Cdev.airflow.apache.org%3E
- http://packetstormsecurity.com/files/162908/Apache-Airflow-1.10.10-Remote-Code-Execution.html