id: airflow-panel info: name: Apache Airflow Admin Login Panel author: pdteam severity: info description: An Apache Airflow admin login panel was discovered. reference: - https://airflow.apache.org/docs/apache-airflow/stable/security/webserver.html tags: panel,apache,airflow metadata: shodan-query: title:"Sign In - Airflow" classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L cvss-score: 8.3 cve-id: cwe-id: CWE-522 requests: - method: GET path: - "{{BaseURL}}/login/" - "{{BaseURL}}/admin/airflow/login" stop-at-first-match: true matchers-condition: and matchers: - type: word words: - "Airflow - Login" - "Sign In - Airflow" condition: or - type: status status: - 200 # Enhanced by mp on 2022/03/16