Vulnerability
Description
Apache Airflow is used by organizations in sectors such as cybersecurity, ecommerce, energy, finance, health, information technology, manufacturing, media, and transportation. Misconfigured Apache Airflow instances that exposed sensitive information to anyone on the Internet. In most cases, insecure configuration is what led to the leak. The configuration file (airflow.cfg) is created when Airflow is first started. It contains Airflow’s configuration and it is able to be changed . The file contains secrets such as passwords and keys. But, if the expose_config option in the file is mistakenly set to ‘True’ the configuration becomes accessible to anyone via the web server,
Mitigation measures
Set the expose_config option to ‘False’
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
