id: airflow-api-exposure info: name: Apache Airflow API Exposure / Unauthenticated Access author: pd-team severity: medium requests: - method: GET path: - '{{BaseURL}}/api/experimental/latest_runs' matchers: - type: word words: - '"dag_run_url":' - '{"items":[' condition: and