all InfoSec news
Multiple vulnerabilities in Apache Airflow
June 7, 2022, 7 a.m. |
FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com
CVE-2020-13927:
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Note this change fixes it for new installs but existing users need to change their config to …
More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories
Pervasive SQL injection in DAS component
2 weeks, 2 days ago |
fortiguard.fortinet.com
FortiClientEMS - CSV injection in log download feature
2 weeks, 2 days ago |
fortiguard.fortinet.com
FortiPortal - Improper Authorization in reports download
2 weeks, 2 days ago |
fortiguard.fortinet.com
FortiNAC - XSS in Show Audit Log
1 month, 2 weeks ago |
fortiguard.fortinet.com
Jobs in InfoSec / Cybersecurity
Cybersecurity Skills Challenge -- Sponsored by DoD
@ Correlation One | United States
Security Operations Center (SOC) Analyst
@ GK Cybersecurity Group | Remote
Azure Security Architect
@ First Quality | Remote US - Eastern or Central Timezone
Senior Security Engineer
@ LRQA | Birmingham, GB, B37 7ES
Product Security Intern
@ Sinch | Chicago, Illinois, United States
Cyber Support Engineer
@ Darktrace | New York