H3-2022-0068¶

Airflow Configuration Exposure

Description¶

The Apache Airflow application exposes its config file to the public.

Impact¶

Attackers can steal secrets and version information from this file, allowing for targeted attacks with higher privledges than may otherwise be possible.

References¶

• Airflow Configuration Reference
• CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory