Security Test: Airflow Config Exposure¶

Description¶

Default Severity:

When the Apache Airflow configuration file is accidentally left accessible, it can leak sensitive details like credentials and system settings. This opens the door for attackers to misconfigure or abuse your airflow instance, potentially exposing your data and overall infrastructure. The vulnerability often crops up from default settings or misconfigured access controls, so always double-check that only trusted users can access these files.

Configuration¶

Identifier: information_disclosure/airflow_config_exposure

Examples¶

All configuration available:

checks:
  information_disclosure/airflow_config_exposure:
    skip: false # default

Compliance and Standards¶

Standard	Value
OWASP API Top 10	API8:2023
OWASP LLM Top 10	LLM06:2023
PCI DSS	`1.3`
GDPR	`Article-32`
SOC2	`CC6`
PSD2	`Article-95`
ISO 27001	`A.12.6`
NIST	`SP800-123`
FedRAMP	`AC-6`
CWE	`200`
CVSS Vector	`AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
CVSS Score	`3.0`