Severity
Medium
Analysis Summary
CVE-2021-35936
Apache Airflow could allow a remote attacker to obtain sensitive information, caused by improper authentication validation when remote logging is not used. By sending a specially crafted request, an attacker could exploit this vulnerability to read log files of DAG jobs and use this information to launch further attacks against the affected system.
Impact
- Information Theft
- Unauthorized Access
Affected Vendors
Apache
Affected Products
- Apache Airflow 2.1.1
Remediation
Upgrade to the latest version of Apache Airflow (2.1.2 or later), available from the Apache Web site.