Description
Apache Airflow is an open-source workflow management platform for data engineering pipelines.
Acunetix determined that it was possible to access Airflow's airflow.cfg without authentication.
Airflow is designed to be accessed by trusted clients inside trusted environments. It's not recommended to have it publicly accessible.
Remediation
Set "expose_config" to "False" in the settings file
References
Related Vulnerabilities
Joomla! Core Information Disclosure (1.5.0 - 3.8.1)
WordPress 5.3.x Multiple Vulnerabilities (5.3 - 5.3.15)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1570)
Rails application running in development mode
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6311)