High severityNVD Advisory· Published Jan 23, 2019· Updated Sep 16, 2024
CVE-2018-20245
CVE-2018-20245
Description
The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
apache-airflowPyPI | < 1.10.1 | 1.10.1 |
Affected products
2Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-77rc-x84q-pv4fghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-20245ghsaADVISORY
- github.com/apache/airflow/commit/28abf87bd173cc4cedc57f553118470e5745a968ghsaWEB
- github.com/apache/airflow/commit/66d0d05ea0802aec407e0ef5435a962080db0926ghsaWEB
- github.com/apache/airflow/commit/d8d0e8c59203f793f81d47d5adb1362df0b5d8d1ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2019-143.yamlghsaWEB
- lists.apache.org/thread.html/b549c7573b342a6e457e5a3225c33054244343927bbfb2a4cdc4cf73%40%3Cdev.airflow.apache.org%3Emitrex_refsource_MISC
- lists.apache.org/thread.html/b549c7573b342a6e457e5a3225c33054244343927bbfb2a4cdc4cf73@%3Cdev.airflow.apache.org%3EghsaWEB
News mentions
0No linked articles in our index yet.