cve/CVE-2020-17526.md at eda58812c5773678e9432b65209fee245db925e7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-07 11:06:19 +00:00

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for [webserver] secret_key config.

POC

Reference

No PoCs from references.

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/ARPSyndicate/kenzer-templates
https://github.com/CLincat/vulcat
https://github.com/Threekiii/Awesome-POC
https://github.com/Threekiii/Vulhub-Reproduce
https://github.com/bakery312/Vulhub-Reproduce
https://github.com/t0m4too/t0m4to

1.2 KiB Raw Blame History

CVE-2020-17526

Description

POC

Reference

Github

1.2 KiB

Raw Blame History