CVE-2020-17526

Description

Incorrect session validation in the Apache Airflow webserver in versions prior to 1.10.14 with the default config allows a malicious Airflow user who logs in normally on Site A to gain unauthorized access to the Airflow webserver on Site B by reusing the session from Site A. This does not affect users who have changed the default value of the `[webserver] secret_key` config.

POC

Reference

No PoCs from references.

Github

- https://github.com/ARPSyndicate/cvemon

- https://github.com/ARPSyndicate/kenzer-templates

- https://github.com/CLincat/vulcat

- https://github.com/Threekiii/Awesome-POC

- https://github.com/Threekiii/Vulhub-Reproduce

- https://github.com/XiaomingX/awesome-poc-for-red-team

- https://github.com/bakery312/Vulhub-Reproduce

- https://github.com/g1san/Agents-for-Vulnerable-Dockers-and-related-Benchmarks

- https://github.com/google/tsunami-security-scanner-plugins

- https://github.com/t0m4too/t0m4to