Apache Airflow is one of the most popular open-source workflow management platforms.
Researchers from Intezer have discovered while investigating a misconfiguration flaw in Apache Airflow a large number of exposed instances over the web.
As reported by BleepingComputer, Slack, PayPal, and Amazon Web Services (AWS), among others, were just a few of the platforms affected by the Apache misconfiguration flaw.
Workflow management platforms are an indispensable tool for automating business and IT tasks. These platforms make it easier to create, schedule and monitor workflows. They are typically hosted on the cloud to provide increased accessibility and scalability. On the flip side, misconfigured instances that allow internet-wide access make these platforms ideal candidates for exploitation by attackers.
While researching a misconfiguration in the popular workflow platform, Apache Airflow, we discovered a number of unprotected instances. These unsecured instances expose sensitive information of companies across the media, finance, manufacturing, information technology