Apache Airflow - Unauthenticated Variable Import Vulnerability CVE-2021-38540 Scanner

Details
Asset Type: DOMAIN, IP, URL
Need Membership: Yes
Asset Verify: Yes
API Support: Yes
Estimate Time (Second): 10

Apache Airflow - Unauthenticated Variable Import Vulnerability CVE-2021-38540 Scanner Detail

Apache Airflow contains an unauthenticated variable import vulnerability (CVE-2021-38540).

The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution. This issue affects Apache Airflow >=2.0.0, <2.1.3.

Some Advice for Common Problems

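Apply access restrictions so that the variable import endpoint cannot be reached without authentication. Airflow 2.1.3 and later are outside the affected version range given above.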
