VYPR
Moderate severityNVD Advisory· Published Feb 17, 2021· Updated Feb 13, 2025

Apache Airflow: Lineage API endpoint for Experimental API missed authentication check

CVE-2021-26697

Description

The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can just get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
apache-airflowPyPI
>= 2.0.0, < 2.0.1rc12.0.1rc1

Affected products

3

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.