CVE-2018-20245
published 2019-01-23CVE-2018-20245: The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions…
high7.5CVSS 3.0
AVNACLPRNUINSUCNIHAN
The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | airflow | < 1.10.1 | 1.10.1 |
| apache_software_foundation | apache_airflow | — | — |