CVE-2017-17836

Summary

In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, whether it be via XSS or by leaving a machine unlocked can exfiltrate all credentials from the system.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache AirflowApache Airflow <= 1.8.2affected

Weaknesses

  • Information Exposure

ADP Enrichment

CVE Program Container

Additional References

References