/blog/tags/vulnerabilities/ Recent content in Vulnerabilities on Apache Airflow Hugo en Mon, 30 Mar 2026 19:44:57 +0200 /blog/fab-oid-vulnerability/ Mon, 26 Feb 2024 00:00:00 +0000 /blog/fab-oid-vulnerability/ <h1 id="vulnerability-in-long-deprecated-openid-authentication-method-in-flask-appbuilder">Vulnerability in long deprecated OpenID authentication method in Flask AppBuilder</h1> <p>Recently <a href="https://www.linkedin.com/in/islam-rzayev">Islam Rzayev</a> made us aware of a vulnerability in the long deprecated OpenID authentication method in Flask AppBuilder. This vulnerability allowed a malicious user to take over the identity of any Airflow UI user by forging a specially crafted request and implementing their own OpenID service. While this is an old, deprecated and almost not used authentication method, we still took the issue seriously.</p>