Rewterz Threat Advisory – CVE-2020-17526 – Apache Airflow security bypass

Severity

High

Analysis Summary

Apache Airflow could allow a remote authenticated attacker to bypass security restrictions, caused by improper session validation in the Webserver when using the default configuration. By sending a specially crafted request, an attacker could exploit this vulnerability to gain access to the Airflow Webserver on a different site.

Impact

Security bypass

Affected Vendors

Apache

Affected Products

Apache Airflow 1.10.13

Remediation

Upgrade to the latest version of Apache Airflow (1.10.14 or later).

https://seclists.org/oss-sec/2020/q4/232
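
A configuration check for the condition described in the Analysis Summary, added here as an example (not code from Rewterz or the Apache Airflow project). It assumes, based on the upstream Apache advisory rather than this page, that the "default configuration" means the stock `[webserver] secret_key` value `temporary_key`; `MIN_KEY_LEN` and the sample config are constructed for illustration.

```python
import configparser
import os

# Assumption from the upstream Apache advisory, not from this page: the
# "default configuration" is the stock [webserver] secret_key value.
DEFAULT_SECRET_KEY = "temporary_key"
ENV_OVERRIDE = "AIRFLOW__WEBSERVER__SECRET_KEY"
MIN_KEY_LEN = 16  # hypothetical local policy threshold, not an Airflow rule

# Constructed sample: the relevant part of an untouched 1.10.x airflow.cfg.
STOCK_CFG = """
[webserver]
web_server_port = 8080
secret_key = temporary_key
"""


def audit_secret_key(cfg_text, env=None):
    """Return (status, detail) for the key that signs webserver sessions."""
    env = os.environ if env is None else env
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)
    # Airflow lets AIRFLOW__SECTION__KEY environment variables override the file.
    key, source = env.get(ENV_OVERRIDE), "environment"
    if key is None:
        key = parser.get("webserver", "secret_key", fallback=None)
        source = "airflow.cfg"
    if key is None:
        return ("UNSET", "no explicit key; the installed version's built-in default applies")
    key = key.strip()
    if key == DEFAULT_SECRET_KEY:
        return ("VULNERABLE", f"{source} uses the stock key shared by every default install")
    if len(key) < MIN_KEY_LEN:
        return ("WEAK", f"{source} key is shorter than {MIN_KEY_LEN} characters")
    return ("OK", f"{source} sets a site-specific key")


if __name__ == "__main__":
    print(audit_secret_key(STOCK_CFG, env={}))
```

Run the check against the deployed `airflow.cfg` after upgrading as well, since a config file generated by an earlier version may still carry the stock value.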