Apache Airflow: Unauthenticated API Requests - Proactive Insights and Support For Open-Source Applications

In Apache Airflow versions 1.10.11 and later a critical severity vulnerability CVE-2020-13927 was detected. This vulnerability allowed API requests to be made without authentication, posing significant security risks. To fix this issue, existing users need to update their configuration to [api]auth_backend = airflow.api.auth.backend.deny_all. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2020-13927.