Description
Apache Airflow is an open-source workflow management platform for data engineering pipelines.
Acunetix determined that it was possible to access the Airflow web interface without authentication.
Airflow is designed to be accessed by trusted clients inside trusted environments. It's not recommended to have it publicly accessible.
Remediation
Restrict public access and upgrade to the latest version of Airflow.