nuclei-templates/cves/2020/CVE-2020-13927.yaml

34 lines
1.5 KiB
YAML

id: CVE-2020-13927
info:
name: Unauthenticated Airflow Experimental REST API
author: pdteam
severity: critical
description: 'The previous default setting for Airflow''s Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the
default has been changed to deny all requests by default and is documented at https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Note this change fixes it for new installs but existing
users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide: https://github.com/apache/airflow/blob/1.10.11/UPDATING.md#experimental-api-will-deny-all-request-by-default'
reference:
- https://lists.apache.org/thread.html/r23a81b247aa346ff193670be565b2b8ea4b17ddbc7a35fc099c1aadd%40%3Cdev.airflow.apache.org%3E
- http://packetstormsecurity.com/files/162908/Apache-Airflow-1.10.10-Remote-Code-Execution.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-13927
metadata:
verified: true
shodan-query: title:"Airflow - DAGs" || http.html:"Apache Airflow"
tags: cve,cve2020,apache,airflow,unauth
requests:
- method: GET
path:
- '{{BaseURL}}/api/experimental/latest_runs'
matchers:
- type: word
words:
- '"dag_run_url":'
- '"dag_id":'
- '"items":'
condition: and