Update CVE-2020-17526.yaml

2022-08-25 19:16:09 +05:30 · 2022-08-25 19:16:09 +05:30 · a34c8dc689
parent 4fbb0543a2
commit a34c8dc689
1 changed files with 8 additions and 10 deletions
--- a/cves/2020/CVE-2020-17526.yaml
+++ b/cves/2020/CVE-2020-17526.yaml
@ -1,22 +1,20 @@
 id: CVE-2020-17526

 info:
-  name: Apache Airflow authentication bypass
+  name: Apache Airflow < 1.10.14 - Authentication Bypass
  author: piyushchhiroliya
  severity: high
-  description: Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A.
+  description: |
+    Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A.
  reference:
+    - https://kloudle.com/academy/authentication-bypass-in-apache-airflow-cve-2020-17526-and-aws-cloud-platform-compromise
    - https://nvd.nist.gov/vuln/detail/CVE-2020-17526
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17526
+  classification:
+    cve-id: CVE-2020-17526
  metadata:
    verified: true
-    shodan-query: http.title:"Apache Airflow"
-  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
-    cvss-score: 7.7
-    cve-id: CVE-2020-17526
-    cwe-id: CWE-287
-  tags: cve,cve2020,apache,airflow
+    fofa-query: "Apache Airflow"
+  tags: cve,cve2020,apache,airflow,auth-bypass

 requests:
  - raw: