Description
Apache Airflow is an open-source workflow management platform for data engineering pipelines.
Acunetix determined that it was possible to access Airflow Experimental API without authentication(CVE-2020-13927).
Airflow is designed to be accessed by trusted clients inside trusted environments. It's not recommended to have it publicly accessible.
Remediation
Upgrade to the latest version of Airflow
References
Related Vulnerabilities
Unrestricted access to NGINX+ Dashboard
OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0703)
Piwigo Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-10679)
WordPress 5.8.x Multiple Vulnerabilities (5.8 - 5.8.7)
WordPress Plugin Simple History Information Disclosure (2.7.4)