漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Apache Airflow AWS Auth Manager - Host Header Injection Leading to SAML Authentication Bypass
Vulnerability Description
In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. This allowed to gain access to different instances with potentially different access controls by reusing SAML response from other instances. You should upgrade to 9.22.0 version of provider if you use AWS Auth Manager.
CVSS Information
N/A
Vulnerability Type
源验证错误
Vulnerability Title
Apache Airflow 安全漏洞
Vulnerability Description
Apache Airflow是美国阿帕奇(Apache)基金会的一套具有创建、管理和监控工作流程功能的开源平台。该平台具有可扩展和动态监控等特点。 Apache Airflow 9.22.0之前版本存在安全漏洞,该漏洞源于未验证SAML身份验证的来源,可能导致通过重用其他实例的SAML响应访问具有不同访问控制的实例。
CVSS Information
N/A
Vulnerability Type
N/A