Security Advisory

CVE-2021-35936

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-08-16 07:25:11

Last updated 2024-08-04 00:40:47

Assigner apache

State PUBLISHED

Description

If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. This issue affects Apache Airflow < 2.1.2.

← Browse all CVEs View on cve.org ↗