In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to Airflow, whether via XSS or through a machine left unlocked, can exfiltrate all credentials from the system.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2019-01-08T00:00:00
Updated: 2019-04-05T20:05:57
Reserved: 2017-12-22T00:00:00
Link: CVE-2017-17836
NVD Information
Status: Modified
Published: 2019-01-23T17:29:00.367
Modified: 2023-11-07T02:41:46.770
Link: CVE-2017-17836