Incorrect Session Validation in Apache Airflow Webserver versions before 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache airflow |