CVE-2021-26697

MEDIUM Year: 2021
CVSS v3 Score
5.3
Medium
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-269
View all →

Vulnerability Description

The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can just get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0.

Related Vulnerabilities

CVE-2012-1104

MEDIUM
CVSS:5.3(Medium)

A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed.

CWE-2692012

CVE-2015-8032

MEDIUM
CVSS:5.3(Medium)

In Textpattern 4.5.7, an unprivileged author can change an article's markup setting.

CWE-2692015

CVE-2017-0360

MEDIUM
CVSS:5.3(Medium)

file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerabili...

CWE-2692017

CVE-2017-7782

MEDIUM
CVSS:5.3(Medium)

An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating syst...

CWE-2692017

CVE-2017-9662

MEDIUM
CVSS:5.3(Medium)

An Improper Privilege Management issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. Monitouch V-SFT is installed in a directory with weak access controls by defa...

CWE-2692017

CVE-2018-0573

MEDIUM
CVSS:5.3(Medium)

baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions) allows remote attackers to bypass access restriction for a content to view a file which is uploaded by a site use...

CWE-2692018