PT-2021-21067 · Apache · Apache Airflow

Dolev Farhi · Published 2021-08-16 · Updated 2024-03-06 · CVE-2021-35936

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.1.2
Description: Apache Airflow versions before 2.1.2 run an HTTP log-serving endpoint (the one the webserver uses to fetch task logs from the host that ran the task when remote logging is not configured) that performs no authentication. Anyone who can reach that port over the network can read the log files of DAG task runs, which may contain connection strings, credentials or other data that tasks print. The CVSS vector (AV:N, PR:N, C:L, I:N, A:N) describes exactly that: an unauthenticated network read with no integrity or availability impact.
Recommendations: Upgrade to Apache Airflow 2.1.2 or later, where the log server requires authentication. Where an upgrade is not immediately possible, restrict network access to the log server port (`worker_log_server_port`, 8793 by default) so that only the webserver host can reach it, or stop the log server on hosts that do not need it. Treat task logs that were reachable from untrusted networks as potentially disclosed and rotate any secrets that appear in them.
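The following added example is not Airflow's code; it models the two behaviours the advisory contrasts with a stand-alone, stdlib-only log server. The "vulnerable" server hands out any file under its log folder to whoever asks; the "hardened" server refuses requests that do not carry a valid token derived from a shared secret (an HMAC stand-in for whatever signed-token scheme the fixed release uses, chosen here for the demo). The `/log/<relative path>` route, the `Authorization` header, the log file layout and the secret are all assumptions for this illustration, not details taken from the advisory. The example also includes the path-confinement check a log server should have and a version predicate for the affected range.

```python
"""Added example (not Airflow's code): an unauthenticated log server beside
a token-protected one, both probed over loopback. Route, header name,
token scheme and log layout are illustrative assumptions."""
import hashlib
import hmac
import os
import tempfile
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

SECRET = b"demo-shared-secret"  # constructed stand-in for a shared secret


def sign(path: str, secret: bytes = SECRET) -> str:
    """Token a trusted client attaches: HMAC-SHA256 over the request path."""
    return hmac.new(secret, path.encode(), hashlib.sha256).hexdigest()


def make_handler(base_dir: str, require_token: bool):
    """Handler serving GET /log/<relative path> from base_dir.

    require_token=False models the pre-2.1.2 behaviour: anyone who can reach
    the port reads any task log. require_token=True models the fix: the
    request must carry a token that verifies under the shared secret.
    """
    root = os.path.realpath(base_dir)

    class LogHandler(BaseHTTPRequestHandler):
        def log_message(self, *args):  # keep the demo quiet
            pass

        def do_GET(self):
            if not self.path.startswith("/log/"):
                self.send_error(404)
                return
            if require_token:
                presented = self.headers.get("Authorization", "")
                if not hmac.compare_digest(presented, sign(self.path)):
                    self.send_error(403)
                    return
            # Confine the resolved path to the log folder so "../" cannot escape.
            full = os.path.realpath(os.path.join(root, self.path[len("/log/"):]))
            if not full.startswith(root + os.sep) or not os.path.isfile(full):
                self.send_error(404)
                return
            with open(full, "rb") as fh:
                body = fh.read()
            self.send_response(200)
            self.send_header("Content-Type", "text/plain")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

    return LogHandler


def start_server(base_dir: str, require_token: bool) -> HTTPServer:
    """Bind to loopback on an ephemeral port and serve in a daemon thread."""
    srv = HTTPServer(("127.0.0.1", 0), make_handler(base_dir, require_token))
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def fetch(port: int, path: str, token: str = "") -> tuple:
    """GET path from the local server; return (status, body)."""
    req = urllib.request.Request("http://127.0.0.1:%d%s" % (port, path))
    if token:
        req.add_header("Authorization", token)
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, b""


def is_affected(version: str) -> bool:
    """True for Airflow releases before 2.1.2 (plain numeric versions only)."""
    return tuple(int(p) for p in version.split(".")[:3]) < (2, 1, 2)


def demo() -> dict:
    """Probe both servers against a constructed task log; return the outcomes."""
    with tempfile.TemporaryDirectory() as base:
        log_rel = "example_dag/task_1/2021-08-16/1.log"  # constructed layout
        os.makedirs(os.path.dirname(os.path.join(base, log_rel)))
        with open(os.path.join(base, log_rel), "w") as fh:
            fh.write("[constructed] task printed password=hunter2\n")
        path = "/log/" + log_rel
        vuln = start_server(base, require_token=False)
        fixed = start_server(base, require_token=True)
        try:
            return {
                "vuln_noauth": fetch(vuln.server_port, path),
                "vuln_traversal": fetch(vuln.server_port, "/log/../../etc/passwd"),
                "fixed_noauth": fetch(fixed.server_port, path),
                "fixed_badtoken": fetch(fixed.server_port, path, "bogus"),
                "fixed_token": fetch(fixed.server_port, path, sign(path)),
            }
        finally:
            for srv in (vuln, fixed):
                srv.shutdown()
                srv.server_close()


if __name__ == "__main__":
    print(demo())
```

Run as a script, `demo()` shows the unauthenticated server returning the log body (secret included) to a bare request, while the hardened server returns 403 for a missing or wrong token and 200 only for a correctly signed one; both reject the traversal attempt. Against a real deployment the equivalent check is whether the worker log port answers a bare request from a host other than the webserver, which is the condition the workaround above removes.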

Fix

Missing Authorization

Information Disclosure

Missing Authentication

Weakness Enumeration

Related Identifiers

BIT-AIRFLOW-2021-35936
CVE-2021-35936
GHSA-M6H2-JX9V-58W6
PYSEC-2021-122

Affected Products

Apache Airflow