H3-2022-0065¶

Unauthenticated Access to Apache Airflow

Description¶

The Apache Airflow application has been deployed without authentication enabled.

Impact¶

Attackers may act as an authorized user to view and alter sensitive information within the Airflow application.

References¶

• Apache Airflow Authentication Configuration
• CWE-306: Missing Authentication for Critical Function