CVE-2018-20245

Summary

The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache AirflowApache Airflow <= 1.10.0affected

Weaknesses

  • Improper Certificate Validation

ADP Enrichment

CVE Program Container

Additional References

References