Apache Airflow is used by organizations in sectors such as cybersecurity, ecommerce, energy, finance, health, information technology, manufacturing, media, and transportation. Misconfigured Apache Airflow instances that exposed sensitive information to anyone on the Internet. In most cases, insecure configuration is what led to the leak. The configuration file (airflow.cfg) is created when Airflow is first started. It contains Airflow’s configuration and it is able to be changed . The file contains secrets such as passwords and keys. But, if the expose_config
option in the file is mistakenly set to ‘True’ the configuration becomes accessible to anyone via the web server,
Set the expose_config
option to ‘False’