
Information Disclosure: Airflow Config Exposure

Identifier: airflow_config_exposure

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner

Description

When the Apache Airflow configuration file is accidentally left accessible, it can leak sensitive details such as credentials and system settings. Attackers can use these details to misconfigure or abuse your Airflow instance, potentially exposing your data and overall infrastructure. The vulnerability often stems from default settings or misconfigured access controls, so always verify that only trusted users can access these files.
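
One way to audit a deployment for the exposure described above, as an added example that is not part of the scanner or its documentation: the script parses an airflow.cfg and flags the web UI configuration view being enabled and secrets stored inline in the file. The function name, the key list and the sample file are assumptions constructed for illustration.

```python
import configparser

# Assumed, non-exhaustive list of airflow.cfg options that hold secrets or
# credential-bearing URLs. Airflow also accepts <key>_cmd and <key>_secret
# variants for these, which keep the value itself out of the file.
SENSITIVE_KEYS = {
    ("core", "fernet_key"),
    ("core", "sql_alchemy_conn"),       # location before Airflow 2.3
    ("database", "sql_alchemy_conn"),
    ("webserver", "secret_key"),
    ("celery", "broker_url"),
    ("celery", "result_backend"),
    ("smtp", "smtp_password"),
}

# Constructed sample file; every value is a placeholder.
SAMPLE_CFG = """\
[core]
fernet_key = EXAMPLE-NOT-A-REAL-KEY
[database]
sql_alchemy_conn = postgresql://airflow:example-password@db.example.internal/airflow
[webserver]
expose_config = True
secret_key_cmd = cat /run/secrets/airflow_secret_key
"""

def audit_airflow_cfg(text):
    """Return a list of findings for the airflow.cfg content in `text`."""
    # interpolation=None: airflow.cfg log formats contain literal '%' signs.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []
    # expose_config = True makes the configuration readable in the web UI.
    expose = cfg.get("webserver", "expose_config", fallback="False")
    if expose.strip().lower() == "true":
        findings.append("webserver.expose_config is True")
    # A non-empty inline value is disclosed to anyone who can read the file.
    for section, key in sorted(SENSITIVE_KEYS):
        if cfg.get(section, key, fallback="").strip():
            findings.append(f"{section}.{key} is stored inline")
    return findings

if __name__ == "__main__":
    for finding in audit_airflow_cfg(SAMPLE_CFG):
        print(finding)
```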

Configuration

Example

Example configuration:

---
security_tests:
  airflow_config_exposure:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference

assets_allowed

Type : List[AssetType]*

List of assets that this check will cover.

skip

Type : boolean

Skip the test if true.