漏洞标题
Apache Airflow: Airflow "Run task" 功能允许不必要的特权执行
漏洞描述信息
Apache Airflow:Airflow的“运行任务”功能允许以不必要的权限执行
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
信息暴露
漏洞标题
Apache Airflow: Airflow "Run task" feature allows execution with unnecessary priviledges
漏洞描述信息
Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0
This issue affects Apache Airflow: before 2.6.0.
CVSS信息
N/A
漏洞类别
带着不必要的权限执行
漏洞标题
Apache Airflow 安全漏洞
漏洞描述信息
Apache Airflow是美国阿帕奇(Apache)基金会的一套用于创建、管理和监控工作流程的开源平台。该平台具有可扩展和动态监控等特点。 Apache Airflow 2.6.0之前版本存在安全漏洞,该漏洞源于Run Task功能存在权限绕过问题。未授权攻击者可利用该漏洞访问敏感信息。
CVSS信息
N/A
漏洞类别
其他