CVE-2020-13927 - Apache Airflow's Experimental API Authentication Bypass
Project:Apache
Product:Airflow's Experimental API
Date Added:2022-01-18Due Date:2022-07-18
Vulnerability Name
Apache Airflow's Experimental API Authentication Bypass
Description
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-13927