From 249bb4e355668843c95983ff0b91b07dcc2bd2f9 Mon Sep 17 00:00:00 2001
From: MostInterestingBotInTheWorld
 <98333686+MostInterestingBotInTheWorld@users.noreply.github.com>
Date: Mon, 16 May 2022 15:35:03 -0400
Subject: [PATCH] Enhancement: cves/2020/CVE-2020-13927.yaml by mp

---
 cves/2020/CVE-2020-13927.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cves/2020/CVE-2020-13927.yaml b/cves/2020/CVE-2020-13927.yaml
index 64316763b1..9d957199e2 100644
--- a/cves/2020/CVE-2020-13927.yaml
+++ b/cves/2020/CVE-2020-13927.yaml
@@ -5,7 +5,7 @@ info:
   author: pdteam
   severity: critical
   description: Airflow's Experimental API prior 1.10.11 allows all API requests without authentication.
-  remediation: From Airflow 1.10.11 forward, the default has been changed to deny all requests by default.  Note - this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide.
+  remediation: From Airflow 1.10.11 forward, the default has been changed to deny all requests by default.  Note - this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide linked in the references.
   reference:
     - https://lists.apache.org/thread.html/r23a81b247aa346ff193670be565b2b8ea4b17ddbc7a35fc099c1aadd%40%3Cdev.airflow.apache.org%3E
     - http://packetstormsecurity.com/files/162908/Apache-Airflow-1.10.10-Remote-Code-Execution.html