Cybersecurity Alerts

Actively Exploited Vulnerabilities

← Back to Cybersecurity Alerts

CVE-2020-13927

Apache | Airflow's Experimental APIAdded 2022-01-18Remediation Deadline 2022-07-18

Apache Airflow's Experimental API Authentication Bypass

The previous default setting for Airflow's Experimental API was to allow all API requests without authentication.

Required Action

Apply updates per vendor instructions.

Weakness Classification

CWE-1188

CWE-306

References