Technical Severity
CRITICALCVSS v3.1 Metrics
9.8
/ 10
Minimal Risk
Critical
Vector Specification
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitation Likelihood
EPSS Prediction
99.70
%
Predictive Probability
Percentile Rank
100.0
th
Documented as more likely to be exploited than 100.0% of known CVEs.
Detection Date
Jan 18, 2022
Remediation Due
Jul 18, 2022
CISA Catalog Active
Threat Analysis
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication.
Remediation Directive
Apply updates per vendor instructions.