Vulnerabilites related to apache - airflow
Vulnerability from fkie_nvd
Published
2024-06-14 09:15
Modified
2025-03-20 20:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow.
Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser.
This issue affects Apache Airflow: before 2.9.2.
Users are recommended to upgrade to version 2.9.2, which fixes the issue.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://github.com/apache/airflow/pull/39550 | Patch | |
| security@apache.org | https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/06/13/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/39550 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr | Mailing List, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "AA4BA634-5B90-46CC-8219-669CA3867C9C", versionEndExcluding: "2.9.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. \n\nAirflow did not return \"Cache-Control\" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser.\n\nThis issue affects Apache Airflow: before 2.9.2.\n\nUsers are recommended to upgrade to version 2.9.2, which fixes the issue.\n\n", }, { lang: "es", value: "Uso de la vulnerabilidad de caché del navegador web que contiene información confidencial en Apache Airflow. Airflow no devolvió el encabezado \"Cache-Control\" para contenido dinámico, lo que en el caso de algunos navegadores podría resultar en el almacenamiento de datos confidenciales en la caché local del navegador. Este problema afecta a Apache Airflow: antes de 2.9.2. Se recomienda a los usuarios actualizar a la versión 2.9.2, que soluciona el problema.", }, ], id: "CVE-2024-25142", lastModified: "2025-03-20T20:15:31.320", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-14T09:15:09.103", references: [ { source: "security@apache.org", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/39550", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2024/06/13/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/39550", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-525", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-08-06 13:29
Modified
2024-11-21 03:09
Severity ?
Summary
It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "9A155253-3A8A-4428-B0B1-8E8CB8E2D567", versionEndExcluding: "1.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above.", }, { lang: "es", value: "Se ha descubierto Cross-Site Scripting (XSS) en ciertas páginas 404 que podría explotarse para realizar un ataque de Cross-Site Scripting (XSS). Chrome lo detectará como un intento de Cross-Site Scripting (XSS) reflejado y evitará que la página se cargue. Firefox y otros navegadores no, por lo que son vulnerables a este ataque. Mitigación: la solución a este problema es actualizar a Apache Airflow 1.9.0 o siguientes.", }, ], id: "CVE-2017-12614", lastModified: "2024-11-21T03:09:53.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-08-06T13:29:00.233", references: [ { source: "security@apache.org", url: "https://lists.apache.org/thread.html/2c72480c76619c5e7793f0d213c34082f0598eaa4d212172f068940f%40%3Cdev.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/2c72480c76619c5e7793f0d213c34082f0598eaa4d212172f068940f%40%3Cdev.airflow.apache.org%3E", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-14 10:15
Modified
2024-11-21 06:56
Severity ?
Summary
A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://www.openwall.com/lists/oss-security/2022/11/14/3 | Mailing List, Third Party Advisory | |
| security@apache.org | https://github.com/apache/airflow/pull/22754 | Patch, Third Party Advisory | |
| security@apache.org | https://lists.apache.org/thread/n38oc5obb48600fsvnbopxcs0jpbp65p | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2022/11/14/3 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/22754 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/n38oc5obb48600fsvnbopxcs0jpbp65p | Mailing List, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "2CE6B80D-5F3D-4DBD-9EE8-FC7394224B91", versionEndExcluding: "2.3.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1.", }, { lang: "es", value: "Una vulnerabilidad en la interfaz de usuario de Apache Airflow permite a un atacante ver secretos desenmascarados en valores de plantilla representados para tareas que no se ejecutaron (por ejemplo, cuando dependían de instancias pasadas y anteriores de la tarea que fallaron). Este problema afecta a Apache Airflow antes de la versión 2.3.1.", }, ], id: "CVE-2022-27949", lastModified: "2024-11-21T06:56:31.917", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-14T10:15:10.120", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/11/14/3", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/22754", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/n38oc5obb48600fsvnbopxcs0jpbp65p", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/11/14/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/22754", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/n38oc5obb48600fsvnbopxcs0jpbp65p", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "security@apache.org", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-09-21 08:15
Modified
2024-11-21 07:21
Severity ?
Summary
In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://github.com/apache/airflow/pull/26409 | Patch, Third Party Advisory | |
| security@apache.org | https://lists.apache.org/thread/cn098dcp5x3c402xrb06p3l7nz5goffm | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/26409 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/cn098dcp5x3c402xrb06p3l7nz5goffm | Mailing List, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "5EB22638-3379-42B8-8DFA-14BE3E46B30B", versionEndIncluding: "2.3.4", versionStartIncluding: "2.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.", }, { lang: "es", value: "En Apache Airflow versiones 2.3.0 hasta 2.3.4, se presentaba un redireccionamiento abierto en el endpoint \"/confirm\" del servidor web", }, ], id: "CVE-2022-40754", lastModified: "2024-11-21T07:21:59.430", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-09-21T08:15:08.980", references: [ { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/26409", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/cn098dcp5x3c402xrb06p3l7nz5goffm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/26409", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/cn098dcp5x3c402xrb06p3l7nz5goffm", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-601", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-601", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-21 10:15
Modified
2024-11-21 08:37
Severity ?
Summary
Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable.
This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification.
Users are recommended to upgrade to 2.8.0, which fixes this issue
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://www.openwall.com/lists/oss-security/2023/12/21/4 | Mailing List, Third Party Advisory | |
| security@apache.org | https://github.com/apache/airflow/pull/33932 | Patch | |
| security@apache.org | https://lists.apache.org/thread/rs7cr3yp726mb89s1m844hy9pq7frgcn | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/12/21/4 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/33932 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/rs7cr3yp726mb89s1m844hy9pq7frgcn | Mailing List, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "4677EF1A-E179-48BF-98C7-EACB269B0BDD", versionEndExcluding: "2.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable.\nThis flaw compromises the integrity of variable management, potentially leading to unauthorized data modification.\nUsers are recommended to upgrade to 2.8.0, which fixes this issue", }, { lang: "es", value: "Apache Airflow, en versiones anteriores a 2.8.0, se ve afectado por una vulnerabilidad que permite a un usuario autenticado sin el permiso de edición de variables actualizar una variable. Este fallo compromete la integridad de la gestión de variables, lo que podría provocar modificaciones de datos no autorizadas. Se recomienda a los usuarios actualizar a 2.8.0, que soluciona este problema", }, ], id: "CVE-2023-50783", lastModified: "2024-11-21T08:37:18.497", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-21T10:15:36.607", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/12/21/4", }, { source: "security@apache.org", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/33932", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread/rs7cr3yp726mb89s1m844hy9pq7frgcn", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/12/21/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/33932", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread/rs7cr3yp726mb89s1m844hy9pq7frgcn", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "security@apache.org", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-12 10:15
Modified
2024-11-21 07:45
Severity ?
Summary
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://github.com/apache/airflow/pull/32293 | Patch | |
| security@apache.org | https://lists.apache.org/thread/dnlht2hvm7k81k5tgjtsfmk27c76kq7z | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/32293 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/dnlht2hvm7k81k5tgjtsfmk27c76kq7z | Mailing List, Patch, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "59410400-C27B-4D22-93D8-183F74F5081F", versionEndExcluding: "2.6.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected", }, ], id: "CVE-2023-22888", lastModified: "2024-11-21T07:45:35.207", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-12T10:15:09.780", references: [ { source: "security@apache.org", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/32293", }, { source: "security@apache.org", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://lists.apache.org/thread/dnlht2hvm7k81k5tgjtsfmk27c76kq7z", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/32293", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://lists.apache.org/thread/dnlht2hvm7k81k5tgjtsfmk27c76kq7z", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-12 12:15
Modified
2024-11-21 08:20
Severity ?
Summary
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI.
Users are strongly advised to upgrade to version 2.7.1 or later which has removed the vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://github.com/apache/airflow/pull/33512 | Vendor Advisory | |
| security@apache.org | https://github.com/apache/airflow/pull/33516 | Vendor Advisory | |
| security@apache.org | https://lists.apache.org/thread/jw1yv4lt6hpowqbb0x4o3tdp0jhx2bts | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/33512 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/33516 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/jw1yv4lt6hpowqbb0x4o3tdp0jhx2bts | Mailing List, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "3A5804BE-334F-4050-83E9-77893931B03C", versionEndExcluding: "2.7.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI.\n\nUsers are strongly advised to upgrade to version 2.7.1 or later which has removed the vulnerability.", }, { lang: "es", value: "Apache Airflow, versiones anteriores a la 2.7.1, se ve afectada por una vulnerabilidad que permite a los usuarios autenticados que tienen acceso para ver la tarea/dag en la interfaz de usuario crear una URL, lo que podría llevar a desenmascarar la configuración secreta de la tarea que de otro modo estar enmascarado en la interfaz UI. Se recomienda encarecidamente a los usuarios que actualicen a la versión 2.7.1 o posterior, que ha eliminado la vulnerabilidad.", }, ], id: "CVE-2023-40712", lastModified: "2024-11-21T08:20:00.877", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-12T12:15:08.373", references: [ { source: "security@apache.org", tags: [ "Vendor Advisory", ], url: "https://github.com/apache/airflow/pull/33512", }, { source: "security@apache.org", tags: [ "Vendor Advisory", ], url: "https://github.com/apache/airflow/pull/33516", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/jw1yv4lt6hpowqbb0x4o3tdp0jhx2bts", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/apache/airflow/pull/33512", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://github.com/apache/airflow/pull/33516", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/jw1yv4lt6hpowqbb0x4o3tdp0jhx2bts", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "security@apache.org", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-22 10:15
Modified
2025-04-29 16:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://github.com/apache/airflow/pull/27647 | Patch, Third Party Advisory | |
| security@apache.org | https://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl | Issue Tracking, Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/27647 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl | Issue Tracking, Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | airflow | * | |
| apache | apache-airflow-providers-apache-hive | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "24BE0EE8-9BCD-4DC8-8400-08A9084A4FFB", versionEndExcluding: "2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:apache-airflow-providers-apache-hive:*:*:*:*:*:*:*:*", matchCriteriaId: "4AA32002-391F-442F-AB5A-C04EBC9E18E7", versionEndExcluding: "4.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed).", }, { lang: "es", value: "Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo ('inyección de comando del sistema operativo') en Apache Airflow Hive Provider, Apache Airflow permite a un atacante ejecutar comandos arbitrarios en el contexto de ejecución de la tarea, sin acceso de escritura a los archivos DAG. Este problema afecta a las versiones del proveedor Hive anteriores a la 4.1.0. También afecta cualquier versión de Apache Airflow anterior a la 2.3.0 en caso de que esté instalado HIve Provider (Hive Provider 4.1.0 solo se puede instalar para Airflow 2.3.0+). Tenga en cuenta que debe instalar manualmente la versión 4.1.0 del proveedor Hive para eliminar la vulnerabilidad además de la versión 2.3.0+ de Airflow que tiene instalada una versión inferior del proveedor Hive).", }, ], id: "CVE-2022-41131", lastModified: "2025-04-29T16:15:25.140", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2022-11-22T10:15:16.687", references: [ { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/27647", }, { source: "security@apache.org", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/27647", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "security@apache.org", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-06-07 19:15
Modified
2025-03-07 14:37
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder <= 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version 3.3.0 or higher to resolve.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dpgaspar | flask-appbuilder | * | |
| apache | airflow | 1.10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dpgaspar:flask-appbuilder:*:*:*:*:*:*:*:*", matchCriteriaId: "55820E08-A98E-4598-A552-0EA4819A45DC", versionEndIncluding: "3.2.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:1.10.0:*:*:*:*:*:*:*", matchCriteriaId: "6BE3E45C-D05B-4ACD-8468-32148E391456", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder <= 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version 3.3.0 or higher to resolve.", }, { lang: "es", value: "Flask-AppBuilder es un marco de desarrollo, construido sobre Flask. Enumeración de usuarios en la autenticación de la base de datos en Flask-AppBuilder versiones anteriores a 3.2.3 incluyéndola. Permite a un usuario no autenticado enumerar las cuentas existentes cronometrando el tiempo de respuesta del servidor cuando está iniciando la sesión. Actualice a la versión 3.3.0 o superior para resolverlo", }, ], id: "CVE-2021-29621", lastModified: "2025-03-07T14:37:51.330", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-06-07T19:15:07.600", references: [ { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/dpgaspar/Flask-AppBuilder/commit/780bd0e8fbf2d36ada52edb769477e0a4edae580", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-434h-p4gx-jm89", }, { source: "security-advisories@github.com", url: "https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352%40%3Cannounce.apache.org%3E", }, { source: "security-advisories@github.com", url: "https://lists.apache.org/thread.html/r5b754118ba4e996adf03863705d34168bffec202da5c6bdc9bf3add5%40%3Cannounce.apache.org%3E", }, { source: "security-advisories@github.com", url: "https://lists.apache.org/thread.html/r91067f953906d93aaa1c69fe2b5472754019cc6bd4f1ba81349d62a0%40%3Ccommits.airflow.apache.org%3E", }, { source: "security-advisories@github.com", tags: [ "Product", "Third Party Advisory", ], url: "https://pypi.org/project/Flask-AppBuilder/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/dpgaspar/Flask-AppBuilder/commit/780bd0e8fbf2d36ada52edb769477e0a4edae580", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-434h-p4gx-jm89", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352%40%3Cannounce.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r5b754118ba4e996adf03863705d34168bffec202da5c6bdc9bf3add5%40%3Cannounce.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r91067f953906d93aaa1c69fe2b5472754019cc6bd4f1ba81349d62a0%40%3Ccommits.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", "Third Party Advisory", ], url: "https://pypi.org/project/Flask-AppBuilder/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-203", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-203", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-23 16:15
Modified
2024-11-21 08:15
Severity ?
Summary
Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability.
The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position.
Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://www.openwall.com/lists/oss-security/2023/08/23/2 | Mailing List, Patch, Third Party Advisory | |
| security@apache.org | https://github.com/apache/airflow/pull/33070 | Patch | |
| security@apache.org | https://github.com/apache/airflow/pull/33075 | Patch | |
| security@apache.org | https://github.com/apache/airflow/pull/33108 | Patch | |
| security@apache.org | https://lists.apache.org/thread/xzp4wgjg2b1o6ylk2595df8bstlbo1lb | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/08/23/2 | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/33070 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/33075 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/33108 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/xzp4wgjg2b1o6ylk2595df8bstlbo1lb | Mailing List, Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | airflow | * | |
| apache | apache-airflow-providers-imap | * | |
| apache | apache-airflow-providers-smtp | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "4E21F5BA-D44C-4FE5-9211-E45B8BEE1DA0", versionEndExcluding: "2.7.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:apache-airflow-providers-imap:*:*:*:*:*:*:*:*", matchCriteriaId: "E1601545-5019-45D5-A049-90ED0536E570", versionEndExcluding: "3.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:apache-airflow-providers-smtp:*:*:*:*:*:*:*:*", matchCriteriaId: "97C37855-EE84-4FB9-8DD2-C2A702A0A5CD", versionEndExcluding: "1.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability.\n\nThe default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position.\n\nUsers are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability", }, { lang: "es", value: "Apache Airflow SMTP Provider antes de 1.3.0, Apache Airflow IMAP Provider antes de 3.3.0, y Apache Airflow antes de 2.7.0 están afectados por la vulnerabilidad Validation of OpenSSL Certificate. El contexto SSL por defecto con la librería SSL no comprobaba el certificado X.509 de un servidor. En su lugar, el código aceptaba cualquier certificado, lo que podía dar lugar a la revelación de credenciales del servidor de correo o del contenido del correo cuando el cliente se conectaba a un atacante en posición MITM. Se recomienda encarecidamente a los usuarios que actualicen a Apache Airflow versión 2.7.0 o posterior, Apache Airflow IMAP Provider versión 3.3.0 o posterior y Apache Airflow SMTP Provider versión 1.3.0 o posterior para mitigar el riesgo asociado a esta vulnerabilidad.", }, ], id: "CVE-2023-39441", lastModified: "2024-11-21T08:15:26.090", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-23T16:15:09.617", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/08/23/2", }, { source: "security@apache.org", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/33070", }, { source: "security@apache.org", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/33075", }, { source: "security@apache.org", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/33108", }, { source: "security@apache.org", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://lists.apache.org/thread/xzp4wgjg2b1o6ylk2595df8bstlbo1lb", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/08/23/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/33070", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/33075", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/33108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://lists.apache.org/thread/xzp4wgjg2b1o6ylk2595df8bstlbo1lb", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "security@apache.org", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-02-20 21:15
Modified
2025-04-28 18:21
Severity ?
Summary
When ssl was enabled for Mongo Hook, default settings included "allow_insecure" which caused that certificates were not validated. This was unexpected and undocumented.
Users are recommended to upgrade to version 4.0.0, which fixes this issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | apache-airflow-providers-mongo | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:apache-airflow-providers-mongo:*:*:*:*:*:*:*:*", matchCriteriaId: "16EA331C-5376-460E-BEAA-B121E310E12E", versionEndExcluding: "4.0.0", versionStartIncluding: "1.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "When ssl was enabled for Mongo Hook, default settings included \"allow_insecure\" which caused that certificates were not validated. This was unexpected and undocumented.\nUsers are recommended to upgrade to version 4.0.0, which fixes this issue.", }, { lang: "es", value: "Cuando se habilitó SSL para Mongo Hook, la configuración predeterminada incluía \"allow_insecure\", lo que provocaba que los certificados no se validaran. Esto fue inesperado e indocumentado. Se recomienda a los usuarios actualizar a la versión 4.0.0, que soluciona este problema.", }, ], id: "CVE-2024-25141", lastModified: "2025-04-28T18:21:07.020", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-02-20T21:15:08.267", references: [ { source: "security@apache.org", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2024/02/20/5", }, { source: "security@apache.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/apache/airflow/pull/37214", }, { source: "security@apache.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread/sqgbfqngjmn45ommmrgj7hvs7fgspsgm", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2024/02/20/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/apache/airflow/pull/37214", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread/sqgbfqngjmn45ommmrgj7hvs7fgspsgm", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-01-23 17:29
Modified
2024-11-21 03:18
Severity ?
Summary
In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "2E9757BB-D71C-41F6-9D27-E63AC6B39D35", versionEndIncluding: "1.8.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.", }, { lang: "es", value: "En Apache Airflow, en versiones 1.8.2 y anteriores, una vulnerabilidad de Cross-Site Request Forgery (CSRF) permitía la inyección remota de comandos en una instalación por defecto de Airflow.", }, ], id: "CVE-2017-17835", lastModified: "2024-11-21T03:18:46.980", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-23T17:29:00.303", references: [ { source: "security@apache.org", url: "https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57%40%3Cdev.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57%40%3Cdev.airflow.apache.org%3E", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-24 13:15
Modified
2024-11-21 08:38
Severity ?
Summary
Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an Airflow version between 2.3.0 and 2.6.0, the configuration dictionary will be logged as plain text in the triggerer service without masking. This allows anyone with access to the metadata or triggerer log to obtain the configuration file and use it to access the Kubernetes cluster.
This behavior was changed in version 7.0.0, which stopped serializing the file contents and started providing the file path instead to read the contents into the trigger. Users are recommended to upgrade to version 7.0.0, which fixes this issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | airflow | * | |
| apache | airflow_cncf_kubernetes | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "6592EF36-124C-4817-AAA7-33E0D5C1AB57", versionEndExcluding: "2.6.1", versionStartIncluding: "2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:airflow_cncf_kubernetes:*:*:*:*:*:*:*:*", matchCriteriaId: "FD1C8DDC-BBE7-494E-87EF-F478DB8453C0", versionEndExcluding: "7.0.0", versionStartIncluding: "5.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an Airflow version between 2.3.0 and 2.6.0, the configuration dictionary will be logged as plain text in the triggerer service without masking. This allows anyone with access to the metadata or triggerer log to obtain the configuration file and use it to access the Kubernetes cluster.\n\nThis behavior was changed in version 7.0.0, which stopped serializing the file contents and started providing the file path instead to read the contents into the trigger. Users are recommended to upgrade to version 7.0.0, which fixes this issue.", }, { lang: "es", value: "Desde la versión 5.2.0, cuando se utiliza el modo diferible con la ruta de un archivo de configuración de Kubernetes para la autenticación, el trabajador de Airflow serializa este archivo de configuración como un diccionario y lo envía al activador almacenándolo en metadatos sin ningún cifrado. Además, si se utiliza con una versión de Airflow entre 2.3.0 y 2.6.0, el diccionario de configuración se registrará como texto plano en el servicio activador sin enmascaramiento. Esto permite que cualquier persona con acceso a los metadatos o al registro del activador obtenga el archivo de configuración y lo utilice para acceder al clúster de Kubernetes. Este comportamiento se cambió en la versión 7.0.0, que dejó de serializar el contenido del archivo y comenzó a proporcionar la ruta del archivo para leer el contenido en el activador. Se recomienda a los usuarios actualizar a la versión 7.0.0, que soluciona este problema.", }, ], id: "CVE-2023-51702", lastModified: "2024-11-21T08:38:38.443", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-24T13:15:08.150", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2024/01/24/3", }, { source: "security@apache.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/apache/airflow/pull/29498", }, { source: "security@apache.org", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/30110", }, { source: "security@apache.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/apache/airflow/pull/36492", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/89x3q6lz5pykrkr1fkr04k4rfn9pvnv9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2024/01/24/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/apache/airflow/pull/29498", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/30110", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/apache/airflow/pull/36492", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/89x3q6lz5pykrkr1fkr04k4rfn9pvnv9", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-312", }, { lang: "en", value: "CWE-532", }, ], source: "security@apache.org", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-14 10:15
Modified
2024-11-21 08:23
Severity ?
Summary
Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors.
Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "63233E2B-0359-41A5-A4BA-218F2CC2F778", versionEndExcluding: "2.7.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors.\nUsers of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.\n\n", }, { lang: "es", value: "Apache Airflow, versiones anteriores a la 2.7.2, contiene una vulnerabilidad de seguridad que permite a los usuarios autenticados de Airflow enumerar advertencias para todos los DAG, incluso si el usuario no tenía permiso para ver esos DAG. Revelaría los dag_ids y los seguimientos de la pila de memoria de errores de importación para aquellos DAG con errores de importación. Se recomienda a los usuarios de Apache Airflow que actualicen a la versión 2.7.2 o posterior para mitigar el riesgo asociado con esta vulnerabilidad.", }, ], id: "CVE-2023-42780", lastModified: "2024-11-21T08:23:08.560", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-14T10:15:10.303", references: [ { source: "security@apache.org", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/34355", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/h5tvsvov8j55wojt5sojdprs05oby34d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/34355", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/h5tvsvov8j55wojt5sojdprs05oby34d", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "security@apache.org", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-19 09:15
Modified
2024-11-21 08:07
Severity ?
Summary
In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations.
This vulnerability is mitigated by the fact configuration is not shown in the UI by default (only if `[webserver] expose_config` is set to `non-sensitive-only`), and not all uncensored values are actually sentitive.
This issue affects Apache Airflow: from 2.5.0 before 2.6.2. Users are recommended to update to version 2.6.2 or later.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "A5E73654-0236-4B7F-AEDF-94A8F5812E88", versionEndExcluding: "2.6.2", versionStartIncluding: "2.5.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations.\n\nThis vulnerability is mitigated by the fact configuration is not shown in the UI by default (only if `[webserver] expose_config` is set to `non-sensitive-only`), and not all uncensored values are actually sentitive.\n\n\nThis issue affects Apache Airflow: from 2.5.0 before 2.6.2. Users are recommended to update to version 2.6.2 or later.\n\n\n", }, ], id: "CVE-2023-35005", lastModified: "2024-11-21T08:07:48.910", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-06-19T09:15:09.380", references: [ { source: "security@apache.org", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/31788", }, { source: "security@apache.org", tags: [ "Issue Tracking", ], url: "https://github.com/apache/airflow/pull/31820", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/o4f2cxh0054m9tlxpb81c1yhylor5gjd", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/31788", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", ], url: "https://github.com/apache/airflow/pull/31820", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/o4f2cxh0054m9tlxpb81c1yhylor5gjd", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-11 14:15
Modified
2024-11-21 05:08
Severity ?
Summary
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "2CB32F13-FF76-4E5A-8F2D-D827771E58AE", versionEndExcluding: "1.10.15", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "498AB796-B84E-4682-BF15-16905DD626AF", versionEndExcluding: "2.0.2", versionStartIncluding: "2.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely.", }, { lang: "es", value: "El parámetro \"origin\" pasado a algunos de los endpoints como \"/trigger\" era vulnerable a una explotación de XSS. Este problema afecta a Apache Airflow versiones anteriores a 1.10.13. Es lo mismo que CVE-2020-13944, pero la corrección implementada en Airflow versión 1.10.13 no corrigió el problema completamente", }, ], id: "CVE-2020-17515", lastModified: "2024-11-21T05:08:15.943", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-12-11T14:15:11.143", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/12/11/2", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/05/01/2", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a%40%3Cannounce.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a%40%3Cdev.airflow.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a%40%3Cusers.airflow.apache.org%3E", }, { source: "security@apache.org", tags: [ "Issue Tracking", "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e%40%3Cusers.airflow.apache.org%3E", }, { source: "security@apache.org", tags: [ "Issue Tracking", "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e%40%3Cusers.airflow.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432%40%3Cannounce.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/12/11/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/05/01/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a%40%3Cannounce.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a%40%3Cdev.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a%40%3Cusers.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e%40%3Cusers.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e%40%3Cusers.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432%40%3Cannounce.apache.org%3E", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-12 10:15
Modified
2024-11-21 07:45
Severity ?
Summary
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://github.com/apache/airflow/pull/32293 | Patch | |
| security@apache.org | https://lists.apache.org/thread/rxddqs76r6rkxsg1n24d029zys67qwwo | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/32293 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/rxddqs76r6rkxsg1n24d029zys67qwwo | Mailing List, Patch, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "59410400-C27B-4D22-93D8-183F74F5081F", versionEndExcluding: "2.6.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected", }, ], id: "CVE-2023-22887", lastModified: "2024-11-21T07:45:35.050", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-12T10:15:09.707", references: [ { source: "security@apache.org", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/32293", }, { source: "security@apache.org", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://lists.apache.org/thread/rxddqs76r6rkxsg1n24d029zys67qwwo", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/32293", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://lists.apache.org/thread/rxddqs76r6rkxsg1n24d029zys67qwwo", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "security@apache.org", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-14 10:15
Modified
2025-02-13 17:17
Severity ?
Summary
Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.
Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "63233E2B-0359-41A5-A4BA-218F2CC2F778", versionEndExcluding: "2.7.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.\n\nUsers of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.", }, { lang: "es", value: "Apache Airflow, en versiones anteriores a la 2.7.2, contiene una vulnerabilidad de seguridad que permite a un usuario autenticado con acceso limitado a algunos DAG crear una solicitud que podría darle al usuario acceso de escritura a varios recursos de DAG para los DAG a los que el usuario no tenía acceso. para, por lo tanto, permitir al usuario borrar DAG que no debería. Se recomienda encarecidamente a los usuarios de Apache Airflow que actualicen a la versión 2.7.2 o posterior para mitigar el riesgo asociado con esta vulnerabilidad.", }, ], id: "CVE-2023-42792", lastModified: "2025-02-13T17:17:09.380", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-14T10:15:10.377", references: [ { source: "security@apache.org", url: "http://www.openwall.com/lists/oss-security/2023/12/21/1", }, { source: "security@apache.org", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/34366", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/1spbo9nkn49fc2hnxqm9tf6mgqwp9tjq", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2023/12/21/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/34366", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/1spbo9nkn49fc2hnxqm9tf6mgqwp9tjq", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-668", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-668", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-11-12 14:15
Modified
2025-02-13 18:15
Severity ?
Summary
We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then.
Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.
Users should upgrade to version 2.7.3 or later which has removed the vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://www.openwall.com/lists/oss-security/2023/11/12/1 | Mailing List, Third Party Advisory | |
| security@apache.org | https://github.com/apache/airflow/pull/33413 | Issue Tracking, Patch | |
| security@apache.org | https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/11/12/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/33413 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0 | Mailing List |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "D8DE0419-3A7A-4E73-A896-096554A71E34", versionEndExcluding: "2.7.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then. \n\nApache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. \n\nUsers should upgrade to version 2.7.3 or later which has removed the vulnerability.", }, { lang: "es", value: "No pudimos aplicar CVE-2023-40611 en 2.7.1 y esta vulnerabilidad se marcó como solucionada en ese momento. Apache Airflow, versiones anteriores a 2.7.3, se ve afectada por una vulnerabilidad que permite a los usuarios autenticados y autorizados para ver DAG modificar algunos valores de detalles de ejecución de DAG al enviar notas. Esto podría hacer que alteren detalles como los parámetros de configuración, la fecha de inicio, etc. Los usuarios deben actualizar a la versión 2.7.3 o posterior, que ha eliminado la vulnerabilidad.", }, ], id: "CVE-2023-47037", lastModified: "2025-02-13T18:15:37.967", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-11-12T14:15:25.980", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/11/12/1", }, { source: "security@apache.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/apache/airflow/pull/33413", }, { source: "security@apache.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/11/12/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/apache/airflow/pull/33413", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-863", }, ], source: "security@apache.org", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-02-17 15:15
Modified
2024-11-21 05:56
Severity ?
Summary
Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6A12F59D-265C-4E88-A7A9-0A972A45408D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0.", }, { lang: "es", value: "Un Control de Acceso Inapropiado en el Endpoint Configurations para la API Stable de Apache Airflow permite a usuarios con rol de Visualizadores o Usuario obtener Configuraciones de Airflow, incluyendo información confidencial, incluso cuando \"[webserver] expose_config\" está configurado como \"False\" en \"airflow.cfg\". Esto permitió un ataque de escalada de privilegios. Este problema afecta a Apache Airflow versión 2.0.0", }, ], id: "CVE-2021-26559", lastModified: "2024-11-21T05:56:28.070", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-02-17T15:15:13.500", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/02/17/1", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r3b3787700279ec361308cbefb7c2cce2acb26891a12ce864e4a13c8d%40%3Cusers.airflow.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rd142565996d7ee847b9c14b8a9921dcf80bc6bc160e3d9dca6dfc2f8%40%3Cannounce.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/02/17/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r3b3787700279ec361308cbefb7c2cce2acb26891a12ce864e4a13c8d%40%3Cusers.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rd142565996d7ee847b9c14b8a9921dcf80bc6bc160e3d9dca6dfc2f8%40%3Cannounce.apache.org%3E", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-17 14:15
Modified
2024-11-21 05:02
Severity ?
Summary
In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "2CB32F13-FF76-4E5A-8F2D-D827771E58AE", versionEndExcluding: "1.10.15", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "498AB796-B84E-4682-BF15-16905DD626AF", versionEndExcluding: "2.0.2", versionStartIncluding: "2.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Apache Airflow < 1.10.12, the \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.", }, { lang: "es", value: "En Apache Airflow versiones anteriores a 1.10.12, el parámetro \"origin\" pasado a algunos de los endpoints como \"/trigger\" era vulnerable a una explotación de un XSS", }, ], id: "CVE-2020-13944", lastModified: "2024-11-21T05:02:12.133", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-09-17T14:15:12.810", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/12/11/2", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/05/01/2", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a%40%3Cannounce.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a%40%3Cdev.airflow.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a%40%3Cusers.airflow.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e%40%3Cusers.airflow.apache.org%3E", }, { source: "security@apache.org", tags: [ "Issue Tracking", "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r97e1b60ca508a86be58c43f405c0c8ff00ba467ba0bee68704ae7e3e%40%3Cdev.airflow.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432%40%3Cannounce.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/12/11/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/05/01/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a%40%3Cannounce.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a%40%3Cdev.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a%40%3Cusers.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e%40%3Cusers.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r97e1b60ca508a86be58c43f405c0c8ff00ba467ba0bee68704ae7e3e%40%3Cdev.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432%40%3Cannounce.apache.org%3E", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-21 10:15
Modified
2024-11-21 08:31
Severity ?
Summary
Apache Airflow, in versions prior to 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.
This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2
Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://www.openwall.com/lists/oss-security/2023/12/21/1 | Mailing List, Third Party Advisory | |
| security@apache.org | https://github.com/apache/airflow/pull/34366 | Patch | |
| security@apache.org | https://lists.apache.org/thread/3nl0h014274yjlt1hd02z0q78ftyz0z3 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/12/21/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/34366 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/3nl0h014274yjlt1hd02z0q78ftyz0z3 | Mailing List, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "4677EF1A-E179-48BF-98C7-EACB269B0BDD", versionEndExcluding: "2.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Airflow, in versions prior to 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.\n\nThis is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 \n\nUsers of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability.", }, { lang: "es", value: "Apache Airflow, en versiones anteriores a la 2.8.0, contiene una vulnerabilidad de seguridad que permite a un usuario autenticado con acceso limitado a algunos DAG crear una solicitud que podría darle al usuario acceso de escritura a varios recursos de DAG para los DAG a los que el usuario no tenía acceso. para, por lo tanto, permitir al usuario borrar DAG que no debería. Esta es una solución que falta para CVE-2023-42792 en Apache Airflow 2.7.2. Se recomienda encarecidamente a los usuarios de Apache Airflow que actualicen a la versión 2.8.0 o posterior para mitigar el riesgo asociado con esta vulnerabilidad.", }, ], id: "CVE-2023-48291", lastModified: "2024-11-21T08:31:25.060", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-21T10:15:36.043", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/12/21/1", }, { source: "security@apache.org", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/34366", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread/3nl0h014274yjlt1hd02z0q78ftyz0z3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/12/21/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/34366", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread/3nl0h014274yjlt1hd02z0q78ftyz0z3", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-668", }, ], source: "security@apache.org", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-22 10:15
Modified
2025-04-29 14:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Spark Provider installed).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://github.com/apache/airflow/pull/27646 | Patch, Third Party Advisory | |
| security@apache.org | https://lists.apache.org/thread/0tmdlnmjs5t4gsx5fy73tb6zd3jztq45 | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/27646 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/0tmdlnmjs5t4gsx5fy73tb6zd3jztq45 | Mailing List, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | airflow | * | |
| apache | apache-airflow-providers-apache-spark | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "24BE0EE8-9BCD-4DC8-8400-08A9084A4FFB", versionEndExcluding: "2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:apache-airflow-providers-apache-spark:*:*:*:*:*:*:*:*", matchCriteriaId: "75A3614F-4FAE-4CE9-B135-3151588B1F88", versionEndExcluding: "4.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Spark Provider installed).", }, { lang: "es", value: "Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo ('inyección de comando del sistema operativo') en Apache Airflow Spark Provider. Apache Airflow permite a un atacante leer archivos arbitrarios en el contexto de ejecución de la tarea, sin acceso de escritura a los archivos DAG. Este problema afecta a las versiones del proveedor Spark anteriores a la 4.0.0. También afecta cualquier versión de Apache Airflow anterior a la 2.3.0 en caso de que Spark Provider esté instalado (Spark Provider 4.0.0 solo se puede instalar para Airflow 2.3.0+). Tenga en cuenta que debe instalar manualmente Spark Provider versión 4.0.0 para eliminar la vulnerabilidad además de la versión Airflow 2.3.0+ que tiene instalada una versión inferior de Spark Provider).", }, ], id: "CVE-2022-40954", lastModified: "2025-04-29T14:15:21.613", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2022-11-22T10:15:16.387", references: [ { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/27646", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/0tmdlnmjs5t4gsx5fy73tb6zd3jztq45", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/27646", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/0tmdlnmjs5t4gsx5fy73tb6zd3jztq45", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-15 10:15
Modified
2025-02-13 15:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://github.com/apache/airflow/pull/29501 | Issue Tracking, Patch | |
| security@apache.org | https://lists.apache.org/thread/z8w6ckzs61ql365tv4d19k82o67r15p2 | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/29501 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/z8w6ckzs61ql365tv4d19k82o67r15p2 | Mailing List, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "78C0034A-C809-4649-90AE-96AA327554AD", versionEndExcluding: "2.5.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2.\n\n", }, ], id: "CVE-2023-25695", lastModified: "2025-02-13T15:15:16.487", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-03-15T10:15:09.940", references: [ { source: "security@apache.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/apache/airflow/pull/29501", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/z8w6ckzs61ql365tv4d19k82o67r15p2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/apache/airflow/pull/29501", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/z8w6ckzs61ql365tv4d19k82o67r15p2", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-209", }, ], source: "security@apache.org", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-14 16:17
Modified
2025-03-27 20:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs.
Users are recommended to upgrade to version 2.9.1, which fixes this issue.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://www.openwall.com/lists/oss-security/2024/05/14/1 | Mailing List, Third Party Advisory | |
| security@apache.org | https://github.com/apache/airflow/pull/38882 | Issue Tracking, Patch | |
| security@apache.org | https://lists.apache.org/thread/gsjmnrqb3m5fzp0vgpty1jxcywo91v77 | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/05/14/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/38882 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/gsjmnrqb3m5fzp0vgpty1jxcywo91v77 | Mailing List, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:2.9.0:-:*:*:*:*:*:*", matchCriteriaId: "67713622-C581-4BC0-B7B1-0FE3DD3A55C0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:airflow:2.9.0:beta1:*:*:*:*:*:*", matchCriteriaId: "6B4F89EF-D541-4D17-89EC-DBC97A3399AA", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:airflow:2.9.0:beta2:*:*:*:*:*:*", matchCriteriaId: "ADBE102C-D1FE-4D57-9E00-C9A851515063", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:airflow:2.9.0:rc1:*:*:*:*:*:*", matchCriteriaId: "3186E514-8CA2-48E3-8B2B-3CD4D34447F5", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:airflow:2.9.0:rc2:*:*:*:*:*:*", matchCriteriaId: "62AA6481-91E2-43C6-BE9A-B809E2A723D2", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:airflow:2.9.0:rc3:*:*:*:*:*:*", matchCriteriaId: "7F748994-9CDA-4ACE-A7DC-7EF6D1896082", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. \nUsers are recommended to upgrade to version 2.9.1, which fixes this issue.", }, { lang: "es", value: "Apache Airflow versión 2.9.0 tiene una vulnerabilidad que permite a un atacante autenticado inyectar datos maliciosos en los registros de instancias de tareas. Se recomienda a los usuarios actualizar a la versión 2.9.1, que soluciona este problema.", }, ], id: "CVE-2024-32077", lastModified: "2025-03-27T20:15:26.090", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-14T16:17:01.970", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2024/05/14/1", }, { source: "security@apache.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/apache/airflow/pull/38882", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/gsjmnrqb3m5fzp0vgpty1jxcywo91v77", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2024/05/14/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/apache/airflow/pull/38882", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/gsjmnrqb3m5fzp0vgpty1jxcywo91v77", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@apache.org", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-14 17:15
Modified
2024-11-21 04:22
Severity ?
Summary
In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "5497B08A-0162-4CC2-A993-CE092FD2D7C8", versionEndExcluding: "1.10.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Apache Airflow before 1.10.5 when running with the \"classic\" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new \"RBAC\" UI is unaffected.", }, { lang: "es", value: "En Apache Airflow versiones anteriores a 1.10.5, cuando se ejecuta con la interfaz de usuario \"clasic\", un usuario administrador malicioso podía editar el estado de los objetos en la base de datos de metadatos de Airflow para ejecutar javascript arbitrario en determinadas vistas de página. La nueva Interfaz de Usuario \"RBAC\" no está afectada.", }, ], id: "CVE-2019-12398", lastModified: "2024-11-21T04:22:45.347", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-14T17:15:13.050", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/01/14/2", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b%40%3Cdev.airflow.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b%40%3Cusers.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/01/14/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b%40%3Cdev.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b%40%3Cusers.airflow.apache.org%3E", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-18 08:15
Modified
2025-03-13 17:15
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 https://github.com/advisories/GHSA-9qqg-mh7c-chfq which concerned API, not UI configuration page.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "27BF1F7E-1C9D-4D81-9A7C-DB4ED0530B4F", versionEndExcluding: "2.9.0", versionStartIncluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the \"configuration\" UI page when \"non-sensitive-only\" was set as \"webserver.expose_config\" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your \"expose_config\" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 https://github.com/advisories/GHSA-9qqg-mh7c-chfq which concerned API, not UI configuration page.", }, { lang: "es", value: "Las versiones 2.7.0 a 2.8.4 de Airflow tienen una vulnerabilidad que permite a un usuario autenticado ver la configuración confidencial del proveedor a través de la página de interfaz de usuario \"configuración\" cuando se configuró \"solo no confidencial\" como configuración \"webserver.expose_config\" (el proveedor de apio es el único proveedor comunitario actualmente que tiene configuraciones confidenciales). Deberías migrar a Airflow 2.9 o cambiar tu configuración \"expose_config\" a False como workaround. Esto es similar, pero diferente a CVE-2023-46288 https://github.com/advisories/GHSA-9qqg-mh7c-chfq, que se refería a la API, no a la página de configuración de la UI.", }, ], id: "CVE-2024-31869", lastModified: "2025-03-13T17:15:30.837", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-04-18T08:15:38.037", references: [ { source: "security@apache.org", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2024/04/17/10", }, { source: "security@apache.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/apache/airflow/pull/38795", }, { source: "security@apache.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread/pz6vg7wcjk901rmsgt86h76g6kfcgtk3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2024/04/17/10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/apache/airflow/pull/38795", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread/pz6vg7wcjk901rmsgt86h76g6kfcgtk3", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-21 17:15
Modified
2024-11-21 05:08
Severity ?
Summary
Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "114B997C-5881-4AE3-87C0-5EECAA2207E5", versionEndExcluding: "1.10.14", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config.", }, { lang: "es", value: "La Comprobación de Sesión Incorrecta en Apache Airflow Webserver versiones anteriores a 1.10.14, con la configuración predeterminada permite a un usuario de airflow malicioso en el sitio A donde inician sesión normalmente para el acceso no autorizado a Airflow Webserver en el Sitio B mediante la sesión del sitio A. Esto no afecta a usuarios que han cambiado el valor predeterminado para la configuración de \"(webserver) secret_key\"", }, ], id: "CVE-2020-17526", lastModified: "2024-11-21T05:08:17.777", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.1, impactScore: 4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-12-21T17:15:12.507", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/12/21/1", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352%40%3Cannounce.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rbeeb73a6c741f2f9200d83b9c2220610da314810c4e8c9cf881d47ef%40%3Cusers.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2020/12/21/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352%40%3Cannounce.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rbeeb73a6c741f2f9200d83b9c2220610da314810c4e8c9cf881d47ef%40%3Cusers.airflow.apache.org%3E", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-04-10 20:29
Modified
2024-11-21 04:16
Severity ?
Summary
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "15131DD6-2137-4568-AD9B-3BE3D62E503A", versionEndIncluding: "1.10.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.", }, { lang: "es", value: "Un usuario administrador malicioso podría editar el estado de los objetos en la base de datos metadata de Airflow para ejecutar JavaScript arbitrario en determinadas vistas de páginas.", }, ], id: "CVE-2019-0216", lastModified: "2024-11-21T04:16:30.517", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-04-10T20:29:01.083", references: [ { source: "security@apache.org", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/04/10/6", }, { source: "security@apache.org", url: "http://www.securityfocus.com/bid/107869", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231%40%3Cdev.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/04/10/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/107869", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231%40%3Cdev.airflow.apache.org%3E", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-17 00:15
Modified
2024-11-21 04:59
Severity ?
Summary
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "BA641E62-CF59-49E4-B776-0ABB7844A56D", versionEndIncluding: "1.10.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.", }, { lang: "es", value: "Se encontró un problema en Apache Airflow versiones 1.10.10 y posteriores. Cuando se usa la función CeleryExecutor, si un atacante puede conectarse directamente al broker (Redis, RabbitMQ), es posible inyectar comandos, resultando que el trabajador de celery ejecuta comandos arbitrarios", }, ], id: "CVE-2020-11981", lastModified: "2024-11-21T04:59:02.573", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-17T00:15:10.400", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-17 00:15
Modified
2024-11-21 04:59
Severity ?
Summary
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "BA641E62-CF59-49E4-B776-0ABB7844A56D", versionEndIncluding: "1.10.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker.", }, { lang: "es", value: "Se encontró un problema en Apache Airflow versiones 1.10.10 y posteriores. Cuando se usa la función CeleryExecutor, si un ataque puede conectarse directamente al broker (Redis, RabbitMQ), era posible insertar una carga maliciosa directamente al agente que podría conllevar a un ataque de deserialización (y, por lo tanto, a un ejecución de código remota) en el Worker", }, ], id: "CVE-2020-11982", lastModified: "2024-11-21T04:59:02.707", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-17T00:15:10.477", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-21 10:15
Modified
2024-11-21 08:34
Severity ?
Summary
Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that allows an attacker to trigger a DAG in a GET request without CSRF validation. As a result, it was possible for a malicious website opened in the same browser - by the user who also had Airflow UI opened - to trigger the execution of DAGs without the user's consent.
Users are advised to upgrade to version 2.8.0 or later which is not affected
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://www.openwall.com/lists/oss-security/2023/12/21/3 | Mailing List, Third Party Advisory | |
| security@apache.org | https://github.com/apache/airflow/pull/36026 | Patch | |
| security@apache.org | https://lists.apache.org/thread/mnwd2vcfw3gms6ft6kl951vfbqrxsnjq | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/12/21/3 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/36026 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/mnwd2vcfw3gms6ft6kl951vfbqrxsnjq | Mailing List, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "122817C2-2AA2-4D75-85C1-CDC07B9531A8", versionEndIncluding: "2.7.3", versionStartIncluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that allows an attacker to trigger a DAG in a GET request without CSRF validation. As a result, it was possible for a malicious website opened in the same browser - by the user who also had Airflow UI opened - to trigger the execution of DAGs without the user's consent.\nUsers are advised to upgrade to version 2.8.0 or later which is not affected", }, { lang: "es", value: "Apache Airflow, desde versión 2.7.0 a 2.7.3, tiene una vulnerabilidad que permite a un atacante activar un DAG en una solicitud GET sin validación CSRF. Como resultado, era posible que un sitio web malicioso abierto en el mismo navegador (por el usuario que también tenía abierta la interfaz de usuario de Airflow) desencadenara la ejecución de DAG sin el consentimiento del usuario. Se recomienda a los usuarios que actualicen a la versión 2.8.0 o posterior, que no se ve afectada.", }, ], id: "CVE-2023-49920", lastModified: "2024-11-21T08:34:00.383", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-21T10:15:36.330", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/12/21/3", }, { source: "security@apache.org", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/36026", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread/mnwd2vcfw3gms6ft6kl951vfbqrxsnjq", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/12/21/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/36026", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread/mnwd2vcfw3gms6ft6kl951vfbqrxsnjq", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "security@apache.org", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-23 16:15
Modified
2025-02-13 17:16
Severity ?
Summary
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server.
Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "4E21F5BA-D44C-4FE5-9211-E45B8BEE1DA0", versionEndExcluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server.\n\nUsers of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface.", }, { lang: "es", value: "Apache Airflow, en versiones anteriores a la 2.7.0, contiene una vulnerabilidad de seguridad que puede ser explotada por un usuario autenticado que posea privilegios de edición de conexión. Esta vulnerabilidad permite al usuario acceder a la información de conexión y explotar la función de conexión de prueba enviando muchas peticiones, lo que provoca una denegación de servicio (DoS) en el servidor. Además, actores maliciosos pueden aprovechar esta vulnerabilidad para establecer conexiones dañinas con el servidor. Se recomienda encarecidamente a los usuarios de Apache Airflow que actualicen a la versión 2.7.0 o posterior para mitigar el riesgo asociado a esta vulnerabilidad. Además, se recomienda a los administradores que revisen y ajusten los permisos de usuario para restringir el acceso a funcionalidades sensibles, reduciendo la superficie de ataque.", }, ], id: "CVE-2023-37379", lastModified: "2025-02-13T17:16:44.640", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-23T16:15:09.330", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/08/23/4", }, { source: "security@apache.org", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/32052", }, { source: "security@apache.org", tags: [ "Vendor Advisory", ], url: "https://lists.apache.org/thread/g5c9vcn27lr14go48thrjpo6f4vw571r", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/08/23/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/32052", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://lists.apache.org/thread/g5c9vcn27lr14go48thrjpo6f4vw571r", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, { lang: "en", value: "CWE-400", }, { lang: "en", value: "CWE-918", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-16 08:15
Modified
2024-11-21 06:12
Severity ?
Summary
If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. This issue affects Apache Airflow < 2.1.2.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "410C1DAD-EE40-4F94-8DF6-25B94961F5FD", versionEndExcluding: "2.1.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. This issue affects Apache Airflow < 2.1.2.", }, { lang: "es", value: "Si no es usado el registro remoto, el trabajador (en el caso de CeleryExecutor) o el planificador (en el caso de LocalExecutor) ejecuta un servidor de registro Flask y está escuchando en un puerto específico y también se vincula en 0.0.0.0 por defecto. Este servidor de registro no presenta autenticación y permite leer los archivos de registro de los trabajos DAG. Este problema afecta a Apache Airflow versiones anteriores a 2.1.2.", }, ], id: "CVE-2021-35936", lastModified: "2024-11-21T06:12:47.057", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-16T08:15:11.530", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-306", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-02 12:15
Modified
2024-11-21 07:27
Severity ?
Summary
In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://github.com/apache/airflow/pull/27143 | Issue Tracking, Third Party Advisory | |
| security@apache.org | https://lists.apache.org/thread/vqnvdrfsw9z7v7c46qh3psjgr7wy959l | Issue Tracking, Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/27143 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/vqnvdrfsw9z7v7c46qh3psjgr7wy959l | Issue Tracking, Mailing List, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "AE91E3E6-B702-4703-AB31-847AEE32A1CC", versionEndExcluding: "2.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Apache Airflow versions prior to 2.4.2, the \"Trigger DAG with config\" screen was susceptible to XSS attacks via the `origin` query argument.", }, { lang: "es", value: "En las versiones de Apache Airflow anteriores a la 2.4.2, la pantalla \"Trigger DAG with config\" era susceptible a ataques XSS a través del argumento de consulta \"origin\".", }, ], id: "CVE-2022-43982", lastModified: "2024-11-21T07:27:28.690", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-02T12:15:56.050", references: [ { source: "security@apache.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/27143", }, { source: "security@apache.org", tags: [ "Issue Tracking", "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/vqnvdrfsw9z7v7c46qh3psjgr7wy959l", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/27143", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/vqnvdrfsw9z7v7c46qh3psjgr7wy959l", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-14 10:15
Modified
2025-02-13 18:15
Severity ?
Summary
Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "expose_config" option is set to "non-sensitive-only". The `expose_config` option is False by default.
It is recommended to upgrade to a version that is not affected.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://www.openwall.com/lists/oss-security/2023/10/23/2 | Mailing List, Third Party Advisory | |
| security@apache.org | https://github.com/apache/airflow/pull/34712 | Patch | |
| security@apache.org | https://lists.apache.org/thread/sy4l5d6tn58hr8r61r2fkt1f0qock9z9 | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/10/23/2 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/34712 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/sy4l5d6tn58hr8r61r2fkt1f0qock9z9 | Mailing List, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "4A172F92-ABFA-4488-9EBD-694F915720B2", versionEndExcluding: "2.7.2", versionStartIncluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the \"expose_config\" option is set to \"non-sensitive-only\". The `expose_config` option is False by default.\nIt is recommended to upgrade to a version that is not affected.", }, { lang: "es", value: "Apache Airflow, versiones 2.7.0 y 2.7.1, se ve afectada por una vulnerabilidad que permite a un usuario autenticado recuperar información de configuración confidencial cuando la opción \"expose_config\" está configurada en \"non-sensitive-only\". La opción `expose_config` es \"Falso\" de forma predeterminada. Se recomienda actualizar a una versión que no se vea afectada.", }, ], id: "CVE-2023-45348", lastModified: "2025-02-13T18:15:31.750", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-14T10:15:10.473", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/23/2", }, { source: "security@apache.org", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/34712", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/sy4l5d6tn58hr8r61r2fkt1f0qock9z9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/23/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/34712", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/sy4l5d6tn58hr8r61r2fkt1f0qock9z9", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-14 10:15
Modified
2025-02-13 17:17
Severity ?
Summary
Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.
Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://www.openwall.com/lists/oss-security/2023/11/12/2 | Mailing List, Third Party Advisory | |
| security@apache.org | https://github.com/apache/airflow/pull/34315 | Patch | |
| security@apache.org | https://lists.apache.org/thread/xj86cvfkxgd0cyqfmz6mh1bsfc61c6o9 | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/11/12/2 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/34315 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/xj86cvfkxgd0cyqfmz6mh1bsfc61c6o9 | Mailing List, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "63233E2B-0359-41A5-A4BA-218F2CC2F778", versionEndExcluding: "2.7.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.\nUsers of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.", }, { lang: "es", value: "Apache Airflow, en versiones anteriores a la 2.7.2, tiene una vulnerabilidad que permite a un usuario autorizado que tiene acceso para leer solo DAG específicos, leer información sobre instancias de tareas en otros DAG. Se recomienda a los usuarios de Apache Airflow que actualicen a la versión 2.7.2 o posterior para mitigar el riesgo asociado con esta vulnerabilidad.", }, ], id: "CVE-2023-42663", lastModified: "2025-02-13T17:17:09.083", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-14T10:15:09.940", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/11/12/2", }, { source: "security@apache.org", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/34315", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/xj86cvfkxgd0cyqfmz6mh1bsfc61c6o9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/11/12/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/34315", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/xj86cvfkxgd0cyqfmz6mh1bsfc61c6o9", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-02-17 15:15
Modified
2024-11-21 05:56
Severity ?
Summary
The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can just get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6A12F59D-265C-4E88-A7A9-0A972A45408D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can just get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0.", }, { lang: "es", value: "El endpoint lineage de la API Experimental obsoleta no estaba protegido por autenticación en Airflow versión 2.0.0. Esto permitió a usuarios no autenticados llegar a ese endpoint. Este es un problema de baja gravedad, ya que el atacante debe estar consciente de determinados parámetros para pasar a ese endpoint e incluso después puede obtener algunos metadatos sobre un DAG y una tarea. Este problema afecta a Apache Airflow versión 2.0.0", }, ], id: "CVE-2021-26697", lastModified: "2024-11-21T05:56:41.263", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-02-17T15:15:13.593", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/02/17/2", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/r36111262a59219a3e2704c71e97cf84937dae5ba7a1da99499e5d8f9%40%3Cannounce.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519%40%3Cdev.airflow.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519%40%3Cusers.airflow.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519%40%3Cusers.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2021/02/17/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/r36111262a59219a3e2704c71e97cf84937dae5ba7a1da99499e5d8f9%40%3Cannounce.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519%40%3Cdev.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519%40%3Cusers.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519%40%3Cusers.airflow.apache.org%3E", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-306", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-17 08:15
Modified
2024-11-21 09:28
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "F6CCEFF0-EA14-4AFF-A200-03875C99D11D", versionEndExcluding: "2.9.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.\n", }, { lang: "es", value: "Las versiones de Apache Airflow anteriores a la 2.9.3 tienen una vulnerabilidad que permite a un atacante autenticado inyectar un enlace malicioso al instalar un proveedor. Se recomienda a los usuarios actualizar a la versión 2.9.3, que soluciona este problema.", }, ], id: "CVE-2024-39863", lastModified: "2024-11-21T09:28:26.660", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-17T08:15:01.933", references: [ { source: "security@apache.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/apache/airflow/pull/40475", }, { source: "security@apache.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread/gxkvs279f1mbvckv5q65worr6how20o3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/07/16/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/apache/airflow/pull/40475", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread/gxkvs279f1mbvckv5q65worr6how20o3", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-12 10:15
Modified
2024-11-21 07:30
Severity ?
Summary
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://github.com/apache/airflow/pull/32309 | Patch | |
| security@apache.org | https://lists.apache.org/thread/n45h3y82og125rnlgt6rbm9szfb6q24d | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/32309 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/n45h3y82og125rnlgt6rbm9szfb6q24d | Mailing List, Patch, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "59410400-C27B-4D22-93D8-183F74F5081F", versionEndExcluding: "2.6.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability.\n", }, ], id: "CVE-2022-46651", lastModified: "2024-11-21T07:30:51.570", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-12T10:15:09.623", references: [ { source: "security@apache.org", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/32309", }, { source: "security@apache.org", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://lists.apache.org/thread/n45h3y82og125rnlgt6rbm9szfb6q24d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/32309", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://lists.apache.org/thread/n45h3y82og125rnlgt6rbm9szfb6q24d", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-11-12 14:15
Modified
2024-11-21 08:23
Severity ?
Summary
Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome.
Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://www.openwall.com/lists/oss-security/2023/11/12/2 | Mailing List, Third Party Advisory | |
| security@apache.org | https://github.com/apache/airflow/pull/34939 | Patch | |
| security@apache.org | https://lists.apache.org/thread/7dnl8nszdxqyns57f3dw0sloy5dfl9o1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/11/12/2 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/34939 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/7dnl8nszdxqyns57f3dw0sloy5dfl9o1 | Mailing List, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "D8DE0419-3A7A-4E73-A896-096554A71E34", versionEndExcluding: "2.7.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome.\nUsers of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability.", }, { lang: "es", value: "Apache Airflow, versiones anteriores a la 2.7.3, tiene una vulnerabilidad que permite a un usuario autorizado que tiene acceso para leer solo DAG específicos, leer información sobre instancias de tareas en otros DAG. Este es un problema diferente al CVE-2023-42663, pero conduce a un resultado similar. Se recomienda a los usuarios de Apache Airflow que actualicen a la versión 2.7.3 o posterior para mitigar el riesgo asociado con esta vulnerabilidad.", }, ], id: "CVE-2023-42781", lastModified: "2024-11-21T08:23:08.683", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-11-12T14:15:25.847", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/11/12/2", }, { source: "security@apache.org", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/34939", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread/7dnl8nszdxqyns57f3dw0sloy5dfl9o1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/11/12/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/34939", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread/7dnl8nszdxqyns57f3dw0sloy5dfl9o1", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-17 00:15
Modified
2025-03-07 16:27
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.
References
{ cisaActionDue: "2022-07-18", cisaExploitAdd: "2022-01-18", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Apache Airflow Command Injection", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "B9D4EEE1-539A-43A3-ACA1-7307F50600F5", versionEndExcluding: "1.10.11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.", }, { lang: "es", value: "Se encontró un problema en Apache Airflow versiones 1.10.10 y posteriores. Se detectó una vulnerabilidad de inyección de código y comando remota en uno de los DAG de ejemplo enviados con Airflow que permitiría a cualquier usuario autenticado ejecutar comandos arbitrarios como el usuario que ejecuta el programador y trabajador de airflow (dependiendo del ejecutor en uso). Si ya presentas ejemplos deshabilitados al configurar la función load_examples=False en la configuración, entonces no es vulnerable", }, ], id: "CVE-2020-11978", lastModified: "2025-03-07T16:27:27.707", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2020-07-17T00:15:10.337", references: [ { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/162908/Apache-Airflow-1.10.10-Remote-Code-Execution.html", }, { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/174764/Apache-Airflow-1.10.10-Remote-Code-Execution.html", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/162908/Apache-Airflow-1.10.10-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/174764/Apache-Airflow-1.10.10-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-05 08:15
Modified
2025-03-19 15:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Insufficient Session Expiration vulnerability in Apache Airflow Providers FAB.
This issue affects Apache Airflow Providers FAB: 1.2.1 (when used with Apache Airflow 2.9.3) and FAB 1.2.0 for all Airflow versions. The FAB provider prevented the user from logging out.
* FAB provider 1.2.1 only affected Airflow 2.9.3 (earlier and later versions of Airflow are not affected)
* FAB provider 1.2.0 affected all versions of Airflow.
Users who run Apache Airflow 2.9.3 are recommended to upgrade to Apache Airflow Providers FAB version 1.2.2 which fixes the issue.
Users who run Any Apache Airflow version and have FAB provider 1.2.0 are recommended to upgrade to Apache Airflow Providers FAB version 1.2.2 which fixes the issue.
Also upgrading Apache Airflow to latest version available is recommended.
Note: Early version of Airflow reference container images of Airflow 2.9.3 and constraint files contained FAB provider 1.2.1 version, but this is fixed in updated versions of the images.
Users are advised to pull the latest Airflow images or reinstall FAB provider according to the current constraints.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://github.com/apache/airflow/pull/40784 | Issue Tracking, Patch | |
| security@apache.org | https://lists.apache.org/thread/2zoo8cjlwfjhbfdxfgltcm0hnc0qmc52 | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/08/04/2 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | apache-airflow-providers-fab | 1.2.1 | |
| apache | airflow | 2.9.3 | |
| apache | apache-airflow-providers-fab | 1.2.0 | |
| apache | airflow | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:apache-airflow-providers-fab:1.2.1:*:*:*:*:*:*:*", matchCriteriaId: "323D66FA-F34A-45A9-AE18-CBC2C11F4506", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:2.9.3:*:*:*:*:*:*:*", matchCriteriaId: "72D10390-BAB9-4295-A395-BB062FCF5EF3", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:apache-airflow-providers-fab:1.2.0:*:*:*:*:*:*:*", matchCriteriaId: "74B301FD-5C54-4477-93B6-3FA1816906B1", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:-:*:*:*:*:*:*:*", matchCriteriaId: "3175F2AE-AD9F-4D30-A411-5989E0445678", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "Insufficient Session Expiration vulnerability in Apache Airflow Providers FAB.\n\nThis issue affects Apache Airflow Providers FAB: 1.2.1 (when used with Apache Airflow 2.9.3) and FAB 1.2.0 for all Airflow versions. The FAB provider prevented the user from logging out. \n\n* FAB provider 1.2.1 only affected Airflow 2.9.3 (earlier and later versions of Airflow are not affected)\n\n* FAB provider 1.2.0 affected all versions of Airflow.\n\nUsers who run Apache Airflow 2.9.3 are recommended to upgrade to Apache Airflow Providers FAB version 1.2.2 which fixes the issue.\n\nUsers who run Any Apache Airflow version and have FAB provider 1.2.0 are recommended to upgrade to Apache Airflow Providers FAB version 1.2.2 which fixes the issue.\n\nAlso upgrading Apache Airflow to latest version available is recommended.\n\nNote: Early version of Airflow reference container images of Airflow 2.9.3 and constraint files contained FAB provider 1.2.1 version, but this is fixed in updated versions of the images. \n\nUsers are advised to pull the latest Airflow images or reinstall FAB provider according to the current constraints.", }, { lang: "es", value: "Vulnerabilidad de expiración de sesión insuficiente en Apache Airflow Providers FAB. Este problema afecta a Apache Airflow Providers FAB: 1.2.1 (cuando se utiliza con Apache Airflow 2.9.3) y FAB 1.2.0 para todas las versiones de Airflow. El proveedor FAB impedía que el usuario cerrara sesión. * El proveedor FAB 1.2.1 solo afectaba a Airflow 2.9.3 (las versiones anteriores y posteriores de Airflow no se ven afectadas) * El proveedor FAB 1.2.0 afectó a todas las versiones de Airflow. Se recomienda a los usuarios que ejecutan Apache Airflow 2.9.3 que actualicen a Apache Airflow Providers FAB versión 1.2.2, que soluciona el problema. Se recomienda a los usuarios que ejecutan cualquier versión de Apache Airflow y tienen el proveedor FAB 1.2.0 que actualicen a Apache Airflow Providers FAB versión 1.2.2, que soluciona el problema. También se recomienda actualizar Apache Airflow a la última versión disponible. Nota: Las versiones anteriores de las imágenes de contenedor de referencia de Airflow 2.9.3 y los archivos de restricciones contenían la versión 1.2.1 del proveedor FAB, pero esto se solucionó en las versiones actualizadas de las imágenes. Se recomienda a los usuarios que obtengan las imágenes más recientes de Airflow o que reinstalen el proveedor FAB según las restricciones actuales.", }, ], id: "CVE-2024-42447", lastModified: "2025-03-19T15:15:49.917", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-08-05T08:15:56.397", references: [ { source: "security@apache.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/apache/airflow/pull/40784", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/2zoo8cjlwfjhbfdxfgltcm0hnc0qmc52", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/08/04/2", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-613", }, ], source: "security@apache.org", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-17 08:15
Modified
2024-11-21 09:28
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users should upgrade to version 2.9.3 or later which has removed the vulnerability.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "7AFAC89A-220F-4E86-BB03-8F9439217EEA", versionEndExcluding: "2.9.3", versionStartIncluding: "2.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users should upgrade to version 2.9.3 or later which has removed the vulnerability.", }, { lang: "es", value: "Apache Airflow 2.4.0 y versiones anteriores a 2.9.3 tienen una vulnerabilidad que permite a los autores de DAG autenticados crear un parámetro doc_md de manera que pueda ejecutar código arbitrario en el contexto del programador, lo que debería estar prohibido según el modelo de seguridad de Airflow. Los usuarios deben actualizar a la versión 2.9.3 o posterior, que eliminó la vulnerabilidad.", }, ], id: "CVE-2024-39877", lastModified: "2024-11-21T09:28:28.910", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-17T08:15:02.073", references: [ { source: "security@apache.org", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/apache/airflow/pull/40522", }, { source: "security@apache.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread/1xhj9dkp37d6pzn24ll2mf94wbqnb2y1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/07/16/7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://github.com/apache/airflow/pull/40522", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread/1xhj9dkp37d6pzn24ll2mf94wbqnb2y1", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "security@apache.org", type: "Primary", }, { description: [ { lang: "en", value: "CWE-277", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2019-01-23 17:29
Modified
2024-11-21 03:15
Severity ?
Summary
In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "2E9757BB-D71C-41F6-9D27-E63AC6B39D35", versionEndIncluding: "1.8.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object.", }, { lang: "es", value: "En Apache Airflow, en versiones 1.8.2 y anteriores, un usuario autenticado puede ejecutar código de forma remota en el servidor web de Airflow mediante la creación de un objeto especial.", }, ], id: "CVE-2017-15720", lastModified: "2024-11-21T03:15:04.820", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-23T17:29:00.257", references: [ { source: "security@apache.org", url: "https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57%40%3Cdev.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57%40%3Cdev.airflow.apache.org%3E", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-02-25 09:15
Modified
2024-11-21 06:50
Severity ?
Summary
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://lists.apache.org/thread/dbw5ozcmr0h0lhs0yjph7xdc64oht23t | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/dbw5ozcmr0h0lhs0yjph7xdc64oht23t | Mailing List, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "CF464BC7-9DB8-4C3B-B1A7-7A85209E19BD", versionEndExcluding: "2.2.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI.", }, { lang: "es", value: "En Apache Airflow, versiones anteriores a 2.2.4, algunos DAG de ejemplo no saneaban correctamente los parámetros proporcionados por el usuario, lo que los hacía susceptibles a inyección de comandos del Sistema Operativo desde la interfaz web.\n", }, ], id: "CVE-2022-24288", lastModified: "2024-11-21T06:50:05.807", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-02-25T09:15:06.957", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread/dbw5ozcmr0h0lhs0yjph7xdc64oht23t", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread/dbw5ozcmr0h0lhs0yjph7xdc64oht23t", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-14 10:15
Modified
2024-11-21 05:08
Severity ?
Summary
In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://lists.apache.org/thread.html/ree782a29d927b96bf0b39fb92e2f1f09ea3112a985f7a08ce93765ac%40%3Cusers.airflow.apache.org%3E | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/ree782a29d927b96bf0b39fb92e2f1f09ea3112a985f7a08ce93765ac%40%3Cusers.airflow.apache.org%3E | Mailing List, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "1C49F036-33E7-4903-8B4C-DBA313191E97", versionEndExcluding: "1.10.13", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field.", }, { lang: "es", value: "En Airflow versiones anteriores a 1.10.13, cuando se crea un usuario usando la CLI de airflow, la contraseña se registra en texto plano en la tabla de Registro en Airflow Metadatase. Lo mismo sucedió cuando se creó una Conexión con un campo de contraseña.", }, ], id: "CVE-2020-17511", lastModified: "2024-11-21T05:08:15.580", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-12-14T10:15:12.373", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread.html/ree782a29d927b96bf0b39fb92e2f1f09ea3112a985f7a08ce93765ac%40%3Cusers.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread.html/ree782a29d927b96bf0b39fb92e2f1f09ea3112a985f7a08ce93765ac%40%3Cusers.airflow.apache.org%3E", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-312", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-30 22:15
Modified
2024-11-21 04:22
Severity ?
Summary
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "7B9A5AA4-3B36-49AA-A5FD-82825B1F5071", versionEndIncluding: "1.10.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process.", }, { lang: "es", value: "Un usuario administrador malicioso podría editar el estado de los objetos en la base de datos de metadatos de Airflow para ejecutar JavaScript arbitrario en determinadas vistas de página. Esto también presentó una vulnerabilidad de Divulgación de Archivos Local en cualquier archivo legible por el proceso del servidor web.", }, ], id: "CVE-2019-12417", lastModified: "2024-11-21T04:22:47.900", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.7, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-30T22:15:10.807", references: [ { source: "security@apache.org", url: "https://lists.apache.org/thread.html/f3aa5ff9c7cdb5424b6463c9013f6cf5db83d26c66ea77130cbbe1bc%40%3Cusers.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/f3aa5ff9c7cdb5424b6463c9013f6cf5db83d26c66ea77130cbbe1bc%40%3Cusers.airflow.apache.org%3E", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-02 12:15
Modified
2024-11-21 07:27
Severity ?
Summary
In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://github.com/apache/airflow/pull/27143 | Issue Tracking, Patch, Third Party Advisory | |
| security@apache.org | https://lists.apache.org/thread/m13y9s5kw92fw9l8j4qd85h0txp4kfcq | Issue Tracking, Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/27143 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/m13y9s5kw92fw9l8j4qd85h0txp4kfcq | Issue Tracking, Mailing List, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "AE91E3E6-B702-4703-AB31-847AEE32A1CC", versionEndExcluding: "2.4.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint.", }, { lang: "es", value: "En las versiones de Apache Airflow anteriores a la 2.4.2, había una redirección abierta en el punto final `/confirm` del servidor web.", }, ], id: "CVE-2022-43985", lastModified: "2024-11-21T07:27:29.030", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-11-02T12:15:56.403", references: [ { source: "security@apache.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/27143", }, { source: "security@apache.org", tags: [ "Issue Tracking", "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/m13y9s5kw92fw9l8j4qd85h0txp4kfcq", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/27143", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/m13y9s5kw92fw9l8j4qd85h0txp4kfcq", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-601", }, ], source: "security@apache.org", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-02-25 09:15
Modified
2024-11-21 06:32
Severity ?
Summary
It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://lists.apache.org/thread/phx76cgtmhwwdy780rvwhobx8qoy4bnk | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/phx76cgtmhwwdy780rvwhobx8qoy4bnk | Mailing List, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "E915510A-BCD2-4DE2-9BDF-8146B150887F", versionEndIncluding: "2.2.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "It was discovered that the \"Trigger DAG with config\" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below.", }, { lang: "es", value: "Se ha detectado que la pantalla \"Trigger DAG with config\" era susceptible de ataques de tipo XSS por medio del argumento de consulta \"origin\". Este problema afecta a Apache Airflow versiones 2.2.3 y anteriores.\n", }, ], id: "CVE-2021-45229", lastModified: "2024-11-21T06:32:00.923", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-02-25T09:15:06.760", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/phx76cgtmhwwdy780rvwhobx8qoy4bnk", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/phx76cgtmhwwdy780rvwhobx8qoy4bnk", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-23 19:15
Modified
2025-02-13 18:15
Severity ?
Summary
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0.
Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configuration even when the expose_config option is set to non-sensitive-only. The expose_config option is False by default. It is recommended to upgrade to a version that is not affected if you set expose_config to non-sensitive-only configuration. This is a different error than CVE-2023-45348 which allows authenticated user to retrieve individual configuration values in 2.7.* by specially crafting their request (solved in 2.7.2).
Users are recommended to upgrade to version 2.7.2, which fixes the issue and additionally fixes CVE-2023-45348.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "E0F2268E-426E-482E-9EDB-D410698925C8", versionEndExcluding: "2.7.0", versionStartIncluding: "2.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0.\n\nSensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configuration even when the expose_config option is set to non-sensitive-only. The expose_config option is False by default. It is recommended to upgrade to a version that is not affected if you set expose_config to non-sensitive-only configuration. This is a different error than CVE-2023-45348 which allows authenticated user to retrieve individual configuration values in 2.7.* by specially crafting their request (solved in 2.7.2).\n\nUsers are recommended to upgrade to version 2.7.2, which fixes the issue and additionally fixes CVE-2023-45348.", }, { lang: "es", value: "Exposición de información confidencial a una vulnerabilidad de actor no autorizado en Apache Airflow. Este problema afecta a Apache Airflow desde la versión 2.4.0 a la 2.7.0. La información de configuración confidencial se ha expuesto a usuarios autenticados con la capacidad de leer la configuración a través de la API REST de Airflow para la configuración incluso cuando la opción Expon_config está configurada como no confidencial. La opción exponen_config es False de forma predeterminada. Se recomienda actualizar a una versión que no se vea afectada si configura Expon_config en una configuración no confidencial. Este es un error diferente a CVE-2023-45348 que permite a un usuario autenticado recuperar valores de configuración individuales en 2.7.* manipulando especialmente su solicitud (resuelto en 2.7.2). Se recomienda a los usuarios actualizar a la versión 2.7.2, que soluciona el problema y además corrige CVE-2023-45348.", }, ], id: "CVE-2023-46288", lastModified: "2025-02-13T18:15:34.837", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-23T19:15:11.143", references: [ { source: "security@apache.org", url: "http://www.openwall.com/lists/oss-security/2024/04/17/10", }, { source: "security@apache.org", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/32261", }, { source: "security@apache.org", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://lists.apache.org/thread/yw4vzm0c5lqkwm0bxv6qy03yfd1od4nw", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/04/17/10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/32261", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://lists.apache.org/thread/yw4vzm0c5lqkwm0bxv6qy03yfd1od4nw", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-05 07:15
Modified
2025-02-13 17:16
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0
This issue affects Apache Airflow: before 2.6.0.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://seclists.org/fulldisclosure/2023/Jul/43 | Not Applicable | |
| security@apache.org | https://github.com/apache/airflow/pull/29706 | Patch, Vendor Advisory | |
| security@apache.org | https://lists.apache.org/thread/j2nkjd0zqvtqk85s6ywpx3c35pvzyx15 | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2023/Jul/43 | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/29706 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/j2nkjd0zqvtqk85s6ywpx3c35pvzyx15 | Mailing List, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "EBD966A0-ACD7-4B13-9407-5623086AEE17", versionEndExcluding: "2.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The \"Run Task\" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The \"Run Task\" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0\n\nThis issue affects Apache Airflow: before 2.6.0.", }, ], id: "CVE-2023-39508", lastModified: "2025-02-13T17:16:53.357", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-08-05T07:15:43.607", references: [ { source: "security@apache.org", tags: [ "Not Applicable", ], url: "http://seclists.org/fulldisclosure/2023/Jul/43", }, { source: "security@apache.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://github.com/apache/airflow/pull/29706", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/j2nkjd0zqvtqk85s6ywpx3c35pvzyx15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "http://seclists.org/fulldisclosure/2023/Jul/43", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://github.com/apache/airflow/pull/29706", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/j2nkjd0zqvtqk85s6ywpx3c35pvzyx15", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, { lang: "en", value: "CWE-250", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-22 10:15
Modified
2025-04-29 05:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://github.com/apache/airflow/pull/27641 | Patch, Third Party Advisory | |
| security@apache.org | https://lists.apache.org/thread/033o1gbc4ly6dpd2xf1o201v56fbl4dz | Issue Tracking, Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/27641 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/033o1gbc4ly6dpd2xf1o201v56fbl4dz | Issue Tracking, Mailing List, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | airflow | * | |
| apache | apache-airflow-providers-apache-pinot | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "24BE0EE8-9BCD-4DC8-8400-08A9084A4FFB", versionEndExcluding: "2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:apache-airflow-providers-apache-pinot:*:*:*:*:*:*:*:*", matchCriteriaId: "25D4E304-49B7-44A6-8CEC-1F92F977D4D7", versionEndExcluding: "4.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version.", }, { lang: "es", value: "Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo ('inyección de comando del sistema operativo') en el proveedor Apache Airflow Pinot. Apache Airflow permite a un atacante controlar los comandos ejecutados en el contexto de ejecución de la tarea, sin acceso de escritura a los archivos DAG. Este problema afecta a las versiones del proveedor Apache Airflow Pinot anteriores a la 4.0.0. También afecta a cualquier versión de Apache Airflow anterior a la 2.3.0 en caso de que Apache Airflow Pinot Provider esté instalado (Apache Airflow Pinot Provider 4.0.0 solo se puede instalar para Airflow 2.3.0+). Tenga en cuenta que debe instalar manualmente Pinot Provider versión 4.0.0 para eliminar la vulnerabilidad además de la versión Airflow 2.3.0+.", }, ], id: "CVE-2022-38649", lastModified: "2025-04-29T05:15:42.170", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2022-11-22T10:15:10.663", references: [ { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/27641", }, { source: "security@apache.org", tags: [ "Issue Tracking", "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/033o1gbc4ly6dpd2xf1o201v56fbl4dz", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/27641", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/033o1gbc4ly6dpd2xf1o201v56fbl4dz", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "security@apache.org", type: "Primary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-02-27 18:29
Modified
2024-11-21 04:01
Severity ?
Summary
In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "60444583-D148-4353-873B-FC191109D19E", versionEndExcluding: "1.10.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.", }, { lang: "es", value: "En Apache Airflow, en versiones anteriores a la 1.10.2, un administrador malicioso podría editar el estado de objetos en la base de datos de los metadatos de Airflow para ejecutar JavaScript arbitrario en determinadas vistas de páginas.", }, ], id: "CVE-2018-20244", lastModified: "2024-11-21T04:01:09.507", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-02-27T18:29:00.237", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/04/10/6", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231%40%3Cdev.airflow.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/f656fddf9c49293b3ec450437c46709eb01a12d1645136b2f1b8573b%40%3Cdev.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/04/10/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231%40%3Cdev.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/f656fddf9c49293b3ec450437c46709eb01a12d1645136b2f1b8573b%40%3Cdev.airflow.apache.org%3E", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-12 10:15
Modified
2024-11-21 08:09
Severity ?
Summary
Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://github.com/apache/airflow/pull/32060 | Patch | |
| security@apache.org | https://lists.apache.org/thread/tokfs980504ylgk3cv3hjlnrtbv4tng4 | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/32060 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/tokfs980504ylgk3cv3hjlnrtbv4tng4 | Mailing List, Patch, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "59410400-C27B-4D22-93D8-183F74F5081F", versionEndExcluding: "2.6.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected", }, ], id: "CVE-2023-36543", lastModified: "2024-11-21T08:09:54.447", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-12T10:15:10.157", references: [ { source: "security@apache.org", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/32060", }, { source: "security@apache.org", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://lists.apache.org/thread/tokfs980504ylgk3cv3hjlnrtbv4tng4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/32060", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://lists.apache.org/thread/tokfs980504ylgk3cv3hjlnrtbv4tng4", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-1333", }, ], source: "security@apache.org", type: "Primary", }, { description: [ { lang: "en", value: "CWE-1333", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-09-09 15:15
Modified
2024-11-21 06:17
Severity ?
Summary
The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution. This issue affects Apache Airflow >=2.0.0, <2.1.3.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "8DA42686-DCA0-45F1-8AB6-E56F0C9EF0C0", versionEndExcluding: "2.1.3", versionStartIncluding: "2.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution. This issue affects Apache Airflow >=2.0.0, <2.1.3.", }, { lang: "es", value: "El endpoint de importación de variables no estaba protegido por autenticación en Airflow versiones posteriores a 2.0.0 incluyéndola, versiones anteriores a 2.1.3. Esto permitía a usuarios no autenticados acceder a ese endpoint para añadir y modificar las variables de Airflow usadas en los DAG, resultando en una denegación de servicio, una divulgación de información o una ejecución de código remota. Este problema afecta a Apache Airflow versiones posteriores a 2.0.0 incluyéndola, versiones anteriores a 2.1.3", }, ], id: "CVE-2021-38540", lastModified: "2024-11-21T06:17:23.360", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-09-09T15:15:09.170", references: [ { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rac2ed9118f64733e47b4f1e82ddc8c8020774698f13328ca742b03a2%40%3Cannounce.apache.org%3E", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rb34c3dd1a815456355217eef34060789f771b6f77c3a3dec77de2064%40%3Cusers.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rac2ed9118f64733e47b4f1e82ddc8c8020774698f13328ca742b03a2%40%3Cannounce.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/rb34c3dd1a815456355217eef34060789f771b6f77c3a3dec77de2064%40%3Cusers.airflow.apache.org%3E", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-306", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-28 08:15
Modified
2025-02-13 18:15
Severity ?
Summary
Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow.
Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend
Note: the vulnerability is about the information exposed in the logs not about accessing the logs.
This issue affects Apache Airflow Celery provider: from 3.3.0 through 3.4.0; Apache Airflow: from 1.10.0 through 2.6.3.
Users are recommended to upgrade Airflow Celery provider to version 3.4.1 and Apache Airlfow to version 2.7.0 which fixes the issue.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://www.openwall.com/lists/oss-security/2023/10/28/1 | Mailing List, Third Party Advisory | |
| security@apache.org | https://github.com/apache/airflow/pull/34954 | Patch | |
| security@apache.org | https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/10/28/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/34954 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n | Mailing List, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | airflow | * | |
| apache | airflow_celery_provider | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "1295ECA3-F760-4A73-B48E-6B9B8AB521E6", versionEndExcluding: "2.7.0", versionStartIncluding: "1.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:airflow_celery_provider:*:*:*:*:*:*:*:*", matchCriteriaId: "5CD91624-B6CA-4F93-8965-EF7F1D214B70", versionEndIncluding: "3.4.0", versionStartIncluding: "3.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow.\n\nSensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend\nNote: the vulnerability is about the information exposed in the logs not about accessing the logs.\n\nThis issue affects Apache Airflow Celery provider: from 3.3.0 through 3.4.0; Apache Airflow: from 1.10.0 through 2.6.3.\n\nUsers are recommended to upgrade Airflow Celery provider to version 3.4.1 and Apache Airlfow to version 2.7.0 which fixes the issue.", }, { lang: "es", value: "Vulnerabilidad de inserción de información confidencial en un archivo de registro en el proveedor de Apache Airflow Celery, Apache Airflow. La información confidencial se registra como texto plano cuando los protocolos rediss, amqp y rpc se utilizan como backend de resultados de Celery. Nota: la vulnerabilidad se refiere a la información expuesta en los registros, no al acceso a los registros. Este problema afecta al proveedor Apache Airflow Celery: desde 3.3.0 hasta 3.4.0; Apache Airflow: desde 1.10.0 hasta 2.6.3. Se recomienda a los usuarios actualizar el proveedor Airflow Celery a la versión 3.4.1 y Apache Airlfow a la versión 2.7.0, que soluciona el problema.", }, ], id: "CVE-2023-46215", lastModified: "2025-02-13T18:15:33.700", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-28T08:15:07.553", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/28/1", }, { source: "security@apache.org", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/34954", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/28/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/34954", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-532", }, ], source: "security@apache.org", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-10-07 07:15
Modified
2024-11-21 07:23
Severity ?
Summary
In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://github.com/apache/airflow/pull/26635 | Issue Tracking, Patch, Third Party Advisory | |
| security@apache.org | https://lists.apache.org/thread/ohf3pvd3dftb8zb01yngbn1jtkq5m08y | Issue Tracking, Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/26635 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/ohf3pvd3dftb8zb01yngbn1jtkq5m08y | Issue Tracking, Mailing List, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "3157E457-8BB3-44BC-BA7F-E1AA3951000B", versionEndIncluding: "2.4.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.", }, { lang: "es", value: "En Apache Airflow, versiones anteriores a 2.4.1, desactivar un usuario no impedía que un usuario ya autenticado pudiera seguir usando la Interfaz de Usuario o la API", }, ], id: "CVE-2022-41672", lastModified: "2024-11-21T07:23:36.813", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-07T07:15:08.897", references: [ { source: "security@apache.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/26635", }, { source: "security@apache.org", tags: [ "Issue Tracking", "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/ohf3pvd3dftb8zb01yngbn1jtkq5m08y", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/26635", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/ohf3pvd3dftb8zb01yngbn1jtkq5m08y", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-613", }, ], source: "security@apache.org", type: "Primary", }, { description: [ { lang: "en", value: "CWE-613", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-09-21 08:15
Modified
2024-11-21 07:21
Severity ?
Summary
In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://github.com/apache/airflow/pull/26337 | Patch, Third Party Advisory | |
| security@apache.org | https://lists.apache.org/thread/z20x8m16fnhxdkoollv53w1ybsts687t | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/26337 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/z20x8m16fnhxdkoollv53w1ybsts687t | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "5EB22638-3379-42B8-8DFA-14BE3E46B30B", versionEndIncluding: "2.3.4", versionStartIncluding: "2.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.", }, { lang: "es", value: "En Apache Airflow versiones 2.3.0 hasta 2.3.4, parte de una url tenía un formato no necesario que permitía una posible extracción de información", }, ], id: "CVE-2022-40604", lastModified: "2024-11-21T07:21:42.343", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-09-21T08:15:08.910", references: [ { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/26337", }, { source: "security@apache.org", tags: [ "Vendor Advisory", ], url: "https://lists.apache.org/thread/z20x8m16fnhxdkoollv53w1ybsts687t", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/26337", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://lists.apache.org/thread/z20x8m16fnhxdkoollv53w1ybsts687t", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-134", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-134", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-21 14:15
Modified
2025-03-31 15:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://github.com/apache/airflow/pull/28811 | Patch, Third Party Advisory | |
| security@apache.org | https://lists.apache.org/thread/0l0j3nt0t7fzrcjl2ch0jgj6c58kxs5h | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/28811 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/0l0j3nt0t7fzrcjl2ch0jgj6c58kxs5h | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | airflow | * | |
| apache | apache-airflow-providers-mysql | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "6EE25360-80C2-4C03-BCE7-2BB27E1CB42C", versionEndExcluding: "2.5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:apache-airflow-providers-mysql:*:*:*:*:*:*:*:*", matchCriteriaId: "952569EF-9DEF-43CF-9329-EF0DB30FA5FF", versionEndExcluding: "4.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.\n\n", }, { lang: "es", value: " Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando (\"Inyección de comando\") en Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. Este problema afecta a Apache Airflow: antes de 2.5.1; Apache Airflow MySQL Provider: anterior a 4.0.0.", }, ], id: "CVE-2023-22884", lastModified: "2025-03-31T15:15:39.513", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-01-21T14:15:10.280", references: [ { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/28811", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread/0l0j3nt0t7fzrcjl2ch0jgj6c58kxs5h", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/28811", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread/0l0j3nt0t7fzrcjl2ch0jgj6c58kxs5h", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-77", }, ], source: "security@apache.org", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-08 10:15
Modified
2024-11-21 07:56
Severity ?
Summary
Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "EBD966A0-ACD7-4B13-9407-5623086AEE17", versionEndExcluding: "2.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0.\n\n\n", }, ], id: "CVE-2023-29247", lastModified: "2024-11-21T07:56:45.513", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-05-08T10:15:09.163", references: [ { source: "security@apache.org", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/30447", }, { source: "security@apache.org", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/30779", }, { source: "security@apache.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread/kqf5lxmko133780clsp827xfsh4xd3fl", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/30447", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/30779", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread/kqf5lxmko133780clsp827xfsh4xd3fl", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@apache.org", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-08 12:15
Modified
2025-02-13 17:16
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "EBD966A0-ACD7-4B13-9407-5623086AEE17", versionEndExcluding: "2.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0.", }, ], id: "CVE-2023-25754", lastModified: "2025-02-13T17:16:10.163", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-05-08T12:15:09.613", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/05/08/2", }, { source: "security@apache.org", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/29506", }, { source: "security@apache.org", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread/3y83gr0qb8t49ppfk4fb2yk7md8ltq4v", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/05/08/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/29506", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.apache.org/thread/3y83gr0qb8t49ppfk4fb2yk7md8ltq4v", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-270", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-24 13:15
Modified
2025-02-13 18:15
Severity ?
Summary
Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://www.openwall.com/lists/oss-security/2024/01/24/5 | Mailing List | |
| security@apache.org | https://github.com/apache/airflow/pull/36257 | Third Party Advisory | |
| security@apache.org | https://lists.apache.org/thread/92krb5mpcq8qrw4t4j5oooqw7hgd8q7h | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/01/24/5 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/36257 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/92krb5mpcq8qrw4t4j5oooqw7hgd8q7h | Mailing List, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "601FB744-D9A1-4FE0-A5AD-552A9605C501", versionEndExcluding: "2.8.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue.", }, { lang: "es", value: "Apache Airflow, versiones anteriores a la 2.8.1, tienen una vulnerabilidad que permite a un usuario autenticado acceder al código fuente de un DAG al que no tiene acceso. Esta vulnerabilidad se considera baja ya que requiere un usuario autenticado para explotarla. Se recomienda a los usuarios actualizar a la versión 2.8.1, que soluciona este problema.", }, ], id: "CVE-2023-50944", lastModified: "2025-02-13T18:15:52.743", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-24T13:15:08.070", references: [ { source: "security@apache.org", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2024/01/24/5", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/36257", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/92krb5mpcq8qrw4t4j5oooqw7hgd8q7h", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2024/01/24/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/36257", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/92krb5mpcq8qrw4t4j5oooqw7hgd8q7h", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-862", }, ], source: "security@apache.org", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-11-10 16:15
Modified
2025-03-07 16:27
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Note this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide: https://github.com/apache/airflow/blob/1.10.11/UPDATING.md#experimental-api-will-deny-all-request-by-default
References
{ cisaActionDue: "2022-07-18", cisaExploitAdd: "2022-01-18", cisaRequiredAction: "Apply updates per vendor instructions.", cisaVulnerabilityName: "Apache Airflow's Experimental API Authentication Bypass", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "B9D4EEE1-539A-43A3-ACA1-7307F50600F5", versionEndExcluding: "1.10.11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Note this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide: https://github.com/apache/airflow/blob/1.10.11/UPDATING.md#experimental-api-will-deny-all-request-by-default", }, { lang: "es", value: "La configuración predeterminada previa para Airflow's Experimental API permitió todas las peticiones de la API sin autenticación, pero esto plantea riesgos de seguridad para los usuarios que no se dan cuenta de este hecho. Desde Airflow versión 1.10.11, el valor predeterminado ha sido cambiado para denegar todas las peticiones por defecto y está documentado en https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Tome en cuenta que este cambio lo corrige para nuevas instalaciones, pero los usuarios existentes deben cambiar su configuración a la predeterminada \"[api] auth_backend=airflow.api.auth.backend.deny_all\" como es mencionado en la Guía de Actualización: https://github.com/apache /airflow/blob/1.10.11/UPDATING.md#experimental-api-will-deny-all-request-by-defaul", }, ], id: "CVE-2020-13927", lastModified: "2025-03-07T16:27:46.420", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2020-11-10T16:15:11.807", references: [ { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/162908/Apache-Airflow-1.10.10-Remote-Code-Execution.html", }, { source: "security@apache.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/174764/Apache-Airflow-1.10.10-Remote-Code-Execution.html", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r23a81b247aa346ff193670be565b2b8ea4b17ddbc7a35fc099c1aadd%40%3Cdev.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/162908/Apache-Airflow-1.10.10-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/174764/Apache-Airflow-1.10.10-Remote-Code-Execution.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r23a81b247aa346ff193670be565b2b8ea4b17ddbc7a35fc099c1aadd%40%3Cdev.airflow.apache.org%3E", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-306", }, { lang: "en", value: "CWE-1188", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-306", }, { lang: "en", value: "CWE-1056", }, { lang: "en", value: "CWE-1188", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-17 00:15
Modified
2024-11-21 04:59
Severity ?
Summary
An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "BA641E62-CF59-49E4-B776-0ABB7844A56D", versionEndIncluding: "1.10.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks.", }, { lang: "es", value: "Se encontró un problema en Apache Airflow versiones 1.10.10 y posteriores. Se detectó que muchas de las pantallas de gestión de administración en la UI new/RBAC manejaban el escape incorrectamente, permitiendo a usuarios autenticados con los permisos apropiados crear ataques de tipo XSS almacenado", }, ], id: "CVE-2020-11983", lastModified: "2024-11-21T04:59:02.817", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 3.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-17T00:15:10.557", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-07-17 00:15
Modified
2024-11-21 05:40
Severity ?
Summary
An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the "classic" UI.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "BA641E62-CF59-49E4-B776-0ABB7844A56D", versionEndIncluding: "1.10.10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the \"classic\" UI.", }, { lang: "es", value: "Se encontró un problema en Apache Airflow versiones 1.10.10 y posteriores. Se detectó una vulnerabilidad de tipo XSS almacenado en las páginas de Chart de la IU \"classic\"", }, ], id: "CVE-2020-9485", lastModified: "2024-11-21T05:40:44.737", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-17T00:15:11.413", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-08-21 16:15
Modified
2025-03-20 21:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and the user to click the provider link.
Users should upgrade to 2.10.0 or later, which fixes this vulnerability.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "3762E1D0-9E6E-44EB-82A7-620638F6F9AD", versionEndExcluding: "2.10.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and the user to click the provider link.\nUsers should upgrade to 2.10.0 or later, which fixes this vulnerability.", }, { lang: "es", value: "Apache Airflow, versiones anteriores a la 2.10.0, tienen una vulnerabilidad que permite al desarrollador de un proveedor malicioso ejecutar un ataque de cross-site scripting al hacer clic en un enlace de documentación del proveedor. Esto requeriría que el proveedor esté instalado en el servidor web y que el usuario haga clic en el enlace del proveedor. Los usuarios deben actualizar a 2.10.0 o posterior, lo que soluciona esta vulnerabilidad.", }, ], id: "CVE-2024-41937", lastModified: "2025-03-20T21:15:21.303", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-08-21T16:15:08.107", references: [ { source: "security@apache.org", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/40933", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://lists.apache.org/thread/lwlmgg6hqfmkpvw5py4w53hxyl37jl6d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2024/08/21/3", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@apache.org", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-09-02 07:15
Modified
2024-11-21 07:15
Severity ?
Summary
In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "FAFEE08F-9E2C-434B-B67A-6183062070BE", versionEndExcluding: "2.3.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver.", }, { lang: "es", value: "En Apache Airflow versiones anteriores a 2.3.4, era configurado una máscara de usuario no segura para numerosos componentes de Airflow cuando es ejecutado con el flag \"--daemon\", lo que podía resultar en una condición de carrera que daba lugar a archivos de escritura mundial en el directorio principal de Airflow y permitía a usuarios locales exponer contenidos de archivos arbitrarios por medio del servidor web", }, ], id: "CVE-2022-38170", lastModified: "2024-11-21T07:15:55.980", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-09-02T07:15:07.833", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/09/02/12", }, { source: "security@apache.org", tags: [ "Mailing List", "Mitigation", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/09/02/3", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/09/21/2", }, { source: "security@apache.org", tags: [ "Mailing List", "Mitigation", "Vendor Advisory", ], url: "https://lists.apache.org/thread/zn8mbbb1j2od5nc9zhrvb7rpsrg1vvzv", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/09/02/12", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Mitigation", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/09/02/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/09/21/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Mitigation", "Vendor Advisory", ], url: "https://lists.apache.org/thread/zn8mbbb1j2od5nc9zhrvb7rpsrg1vvzv", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-22 10:15
Modified
2025-04-29 05:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://github.com/apache/airflow/pull/27644 | Patch, Third Party Advisory | |
| security@apache.org | https://lists.apache.org/thread/yxnfzfw2w9pj5s785k3rlyly4y44sd15 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/27644 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/yxnfzfw2w9pj5s785k3rlyly4y44sd15 | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | airflow | * | |
| apache | apache-airflow-providers-apache-pig | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "24BE0EE8-9BCD-4DC8-8400-08A9084A4FFB", versionEndExcluding: "2.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:apache-airflow-providers-apache-pig:*:*:*:*:*:*:*:*", matchCriteriaId: "FD190CAB-FA1E-4613-8DE8-20EBC48997F7", versionEndExcluding: "4.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version.", }, { lang: "es", value: "Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando del sistema operativo ('inyección de comando del sistema operativo') en Apache Airflow Pig Provider, Apache Airflow permite a un atacante controlar los comandos ejecutados en el contexto de ejecución de la tarea, sin acceso de escritura a los archivos DAG. Este problema afecta a las versiones de Pig Provider anteriores a la 4.0.0. También afecta cualquier versión de Apache Airflow anterior a la 2.3.0 en caso de que Pig Provider esté instalado (Pig Provider 4.0.0 solo se puede instalar para Airflow 2.3.0+). Tenga en cuenta que debe instalar manualmente Pig Provider versión 4.0.0 para eliminar la vulnerabilidad además de la versión Airflow 2.3.0+.", }, ], id: "CVE-2022-40189", lastModified: "2025-04-29T05:15:43.473", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2022-11-22T10:15:16.103", references: [ { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/27644", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread/yxnfzfw2w9pj5s785k3rlyly4y44sd15", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/27644", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread/yxnfzfw2w9pj5s785k3rlyly4y44sd15", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "security@apache.org", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2021-05-02 08:15
Modified
2024-11-21 05:59
Severity ?
Summary
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336).
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "0B64ECBE-6E1A-458B-B339-D66BAC124B11", versionEndExcluding: "1.10.15", versionStartIncluding: "1.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "498AB796-B84E-4682-BF15-16905DD626AF", versionEndExcluding: "2.0.2", versionStartIncluding: "2.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336).", }, { lang: "es", value: "El parámetro \"origin\" pasado a algunos de los endpoints como \"/trigger\" era vulnerable a una explotación de tipo XSS. Este problema afecta a Apache Airflow versiones anteriores a 1.10.15 en la serie 1.x y afecta a las series 2.0.0 y 2.0.1 y 2.x. Es lo mismo que CVE-2020-13944 y CVE-2020-17515, pero la corrección implementada no corrigió el problema por completo. Actualice a Airflow versiones 1.10.15 o 2.0.2. Actualice también su versión de Python a las últimas versiones de PATCH disponibles de las versiones MINOR instaladas, ejemplo de actualización a Python versión 3.6.13 si está en Python versión 3.6. (Estos contienen la corrección para CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336).", }, ], id: "CVE-2021-28359", lastModified: "2024-11-21T05:59:35.390", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-05-02T08:15:06.703", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432%40%3Cannounce.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432%40%3Cannounce.apache.org%3E", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-09-02 07:15
Modified
2024-11-21 07:15
Severity ?
Summary
In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://www.openwall.com/lists/oss-security/2022/09/02/1 | Mailing List, Third Party Advisory | |
| security@apache.org | https://lists.apache.org/thread/rsd3h89xdp16rg0ltovx3m7q3ypkxsbb | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2022/09/02/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/rsd3h89xdp16rg0ltovx3m7q3ypkxsbb | Mailing List, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "9E012EF0-316F-4E59-ABB3-9839E9B7CA1A", versionEndIncluding: "2.3.3", versionStartIncluding: "2.2.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation.", }, { lang: "es", value: "En Apache Airflow versiones 2.2.4 hasta 2.3.3, el backend de sesión del servidor web \"database\" era susceptible a una fijación de sesión", }, ], id: "CVE-2022-38054", lastModified: "2024-11-21T07:15:39.843", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-09-02T07:15:07.777", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/09/02/1", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/rsd3h89xdp16rg0ltovx3m7q3ypkxsbb", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/09/02/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/rsd3h89xdp16rg0ltovx3m7q3ypkxsbb", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-384", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-384", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-09-12 12:15
Modified
2025-02-13 17:17
Severity ?
Summary
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.
Users should upgrade to version 2.7.1 or later which has removed the vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://www.openwall.com/lists/oss-security/2023/11/12/1 | Mailing List, Third Party Advisory | |
| security@apache.org | https://github.com/apache/airflow/pull/33413 | Patch, Vendor Advisory | |
| security@apache.org | https://lists.apache.org/thread/8y9xk1s3j4qr36yzqn8ogbn9fl7pxrn0 | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/11/12/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/33413 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/8y9xk1s3j4qr36yzqn8ogbn9fl7pxrn0 | Mailing List, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "D8DE0419-3A7A-4E73-A896-096554A71E34", versionEndExcluding: "2.7.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.\n\nUsers should upgrade to version 2.7.1 or later which has removed the vulnerability.", }, { lang: "es", value: "Apache Airflow, versiones anteriores a 2.7.1, se ve afectada por una vulnerabilidad que permite a los usuarios autenticados y autorizados para DAG-view modificar algunos valores de detalles de ejecución de DAG al enviar notas. Esto podría hacer que alteren detalles como los parámetros de configuración, la fecha de inicio, etc. Los usuarios deben actualizar a la versión 2.7.1 o posterior, que ha eliminado la vulnerabilidad.", }, ], id: "CVE-2023-40611", lastModified: "2025-02-13T17:17:04.810", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-09-12T12:15:08.200", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/11/12/1", }, { source: "security@apache.org", tags: [ "Patch", "Vendor Advisory", ], url: "https://github.com/apache/airflow/pull/33413", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/8y9xk1s3j4qr36yzqn8ogbn9fl7pxrn0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/11/12/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://github.com/apache/airflow/pull/33413", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/8y9xk1s3j4qr36yzqn8ogbn9fl7pxrn0", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-863", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-863", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-04-10 20:29
Modified
2024-11-21 04:16
Severity ?
Summary
A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "15131DD6-2137-4568-AD9B-3BE3D62E503A", versionEndIncluding: "1.10.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks.", }, { lang: "es", value: "Varios endpoints HTTP en el webserver Airflow (tanto RBAC como clásico) no tenían la protección adecuada y eran vulnerables a los ataques de tipo cross-site request forgery (CSRF)", }, ], id: "CVE-2019-0229", lastModified: "2024-11-21T04:16:32.810", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-04-10T20:29:01.117", references: [ { source: "security@apache.org", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/04/10/6", }, { source: "security@apache.org", url: "http://www.securityfocus.com/bid/107869", }, { source: "security@apache.org", url: "https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231%40%3Cdev.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2019/04/10/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/107869", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231%40%3Cdev.airflow.apache.org%3E", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-15 09:15
Modified
2025-04-30 16:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://www.openwall.com/lists/oss-security/2022/11/15/1 | Mailing List, Third Party Advisory | |
| security@apache.org | https://github.com/apache/airflow/pull/27576 | Patch, Third Party Advisory | |
| security@apache.org | https://lists.apache.org/thread/nf4xrkoo6c81g6fdn4vj8k9x2686o9nh | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2022/11/15/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/27576 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/nf4xrkoo6c81g6fdn4vj8k9x2686o9nh | Mailing List, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "A277EF3F-6E26-4A75-B9EB-0BDFA8C61DD2", versionEndExcluding: "2.4.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint.", }, { lang: "es", value: "En las versiones de Apache Airflow anteriores a la 2.4.3, había una redirección abierta en el endpoint `/login` del servidor web.", }, ], id: "CVE-2022-45402", lastModified: "2025-04-30T16:15:33.307", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2022-11-15T09:15:09.447", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/11/15/1", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/27576", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/nf4xrkoo6c81g6fdn4vj8k9x2686o9nh", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/11/15/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/27576", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/nf4xrkoo6c81g6fdn4vj8k9x2686o9nh", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-601", }, ], source: "security@apache.org", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-12-21 10:15
Modified
2025-02-13 18:15
Severity ?
Summary
Apache Airflow, versions 2.6.0 through 2.7.3 has a stored XSS vulnerability that allows a DAG author to add an unbounded and not-sanitized javascript in the parameter description field of the DAG. This Javascript can be executed on the client side of any of the user who looks at the tasks in the browser sandbox. While this issue does not allow to exit the browser sandbox or manipulation of the server-side data - more than the DAG author already has, it allows to modify what the user looking at the DAG details sees in the browser - which opens up all kinds of possibilities of misleading other users.
Users of Apache Airflow are recommended to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://www.openwall.com/lists/oss-security/2023/12/21/2 | Mailing List, Third Party Advisory | |
| security@apache.org | https://github.com/apache/airflow/pull/35460 | Patch | |
| security@apache.org | https://lists.apache.org/thread/128f3zl375vb1qv93k82zhnwkpl233pr | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/12/21/2 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/35460 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/128f3zl375vb1qv93k82zhnwkpl233pr | Mailing List, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "0A643237-EF0F-402D-9188-307B0C74FC37", versionEndIncluding: "2.7.3", versionStartIncluding: "2.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Airflow, versions 2.6.0 through 2.7.3 has a stored XSS vulnerability that allows a DAG author to add an unbounded and not-sanitized javascript in the parameter description field of the DAG. This Javascript can be executed on the client side of any of the user who looks at the tasks in the browser sandbox. While this issue does not allow to exit the browser sandbox or manipulation of the server-side data - more than the DAG author already has, it allows to modify what the user looking at the DAG details sees in the browser - which opens up all kinds of possibilities of misleading other users.\n\nUsers of Apache Airflow are recommended to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability", }, { lang: "es", value: "Apache Airflow, desde versiones 2.6.0 a 2.7.3, tiene una vulnerabilidad de XSS almacenado que permite a un autor de DAG agregar un javascript ilimitado y no sanitizado en el campo de descripción de parámetros del DAG. Este Javascript se puede ejecutar en el lado del cliente de cualquiera de los usuarios que mira las tareas en la sandbox del navegador. Si bien este problema no permite salir de la sandbox del navegador ni manipular los datos del lado del servidor (más de los que el autor del DAG ya tiene, permite modificar lo que el usuario que mira los detalles del DAG ve en el navegador), lo que abre todo tipo de problemas de posibilidades de engañar a otros usuarios. Se recomienda a los usuarios de Apache Airflow actualizar a la versión 2.8.0 o posterior para mitigar el riesgo asociado con esta vulnerabilidad.", }, ], id: "CVE-2023-47265", lastModified: "2025-02-13T18:15:38.667", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-12-21T10:15:35.713", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/12/21/2", }, { source: "security@apache.org", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/35460", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread/128f3zl375vb1qv93k82zhnwkpl233pr", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/12/21/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/35460", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread/128f3zl375vb1qv93k82zhnwkpl233pr", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@apache.org", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-01-23 17:29
Modified
2024-11-21 04:01
Severity ?
Summary
The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "A6E13AF6-67A0-4466-8639-5D21C7B4AC90", versionEndExcluding: "1.10.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking.", }, { lang: "es", value: "El backend de autenticación LDAP (airflow.contrib.auth.backends.ldap_auth), en versiones anteriores a Apache Airflow 1.10.1, se configuró erróneamente y contenía una comprobación incorrecta de excepciones que deshabilitaban la comprobación de certificados del servidor.", }, ], id: "CVE-2018-20245", lastModified: "2024-11-21T04:01:09.627", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-23T17:29:00.443", references: [ { source: "security@apache.org", url: "https://lists.apache.org/thread.html/b549c7573b342a6e457e5a3225c33054244343927bbfb2a4cdc4cf73%40%3Cdev.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/b549c7573b342a6e457e5a3225c33054244343927bbfb2a4cdc4cf73%40%3Cdev.airflow.apache.org%3E", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-01-20 11:15
Modified
2024-11-21 06:32
Severity ?
Summary
In Apache Airflow prior to 2.2.0. This CVE applies to a specific case where a User who has "can_create" permissions on DAG Runs can create Dag Runs for dags that they don't have "edit" permissions for.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://lists.apache.org/thread/m778ojn0k595rwco4ht9wjql89mjoxnl | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/m778ojn0k595rwco4ht9wjql89mjoxnl | Mailing List, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "1CE396B0-4860-42E9-9686-C67896C8FDA9", versionEndIncluding: "1.10.15", versionStartIncluding: "1.10.0", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "4528409E-F035-48EC-BD62-EF07FA29E2F4", versionEndExcluding: "2.2.0", versionStartIncluding: "2.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Apache Airflow prior to 2.2.0. This CVE applies to a specific case where a User who has \"can_create\" permissions on DAG Runs can create Dag Runs for dags that they don't have \"edit\" permissions for.", }, { lang: "es", value: "En Apache Airflow versiones anteriores a 2.2.0. Esta CVE es aplicada a un caso específico en el que un usuario que presenta permisos \"can_create\" en las ejecuciones DAG puede crear ejecuciones Dag para dags para los que no presenta permisos \"edit\"", }, ], id: "CVE-2021-45230", lastModified: "2024-11-21T06:32:01.053", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-01-20T11:15:07.993", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/m778ojn0k595rwco4ht9wjql89mjoxnl", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/m778ojn0k595rwco4ht9wjql89mjoxnl", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-07-12 10:15
Modified
2024-11-21 08:08
Severity ?
Summary
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://github.com/apache/airflow/pull/32014 | Patch | |
| security@apache.org | https://lists.apache.org/thread/vsflptk5dt30vrfggn96nx87d7zr6yvw | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/32014 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/vsflptk5dt30vrfggn96nx87d7zr6yvw | Mailing List, Patch, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "59410400-C27B-4D22-93D8-183F74F5081F", versionEndExcluding: "2.6.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected", }, ], id: "CVE-2023-35908", lastModified: "2024-11-21T08:08:57.667", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-07-12T10:15:10.093", references: [ { source: "security@apache.org", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/32014", }, { source: "security@apache.org", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://lists.apache.org/thread/vsflptk5dt30vrfggn96nx87d7zr6yvw", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/32014", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Vendor Advisory", ], url: "https://lists.apache.org/thread/vsflptk5dt30vrfggn96nx87d7zr6yvw", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-863", }, ], source: "security@apache.org", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-01-23 17:29
Modified
2024-11-21 03:18
Severity ?
Summary
In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, whether it be via XSS or by leaving a machine unlocked can exfiltrate all credentials from the system.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "2E9757BB-D71C-41F6-9D27-E63AC6B39D35", versionEndIncluding: "1.8.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, whether it be via XSS or by leaving a machine unlocked can exfiltrate all credentials from the system.", }, { lang: "es", value: "En Apache Airflow versión 1.8.2 y anteriores, una función experimental de Airflow mostraba cookies identificadas, así como contraseñas a las bases de datos utilizadas por Airflow. Un atacante que presenta acceso limitado a Airflow, ya sea por medio de Cross-Site Scripting (XSS) o al dejar una máquina desbloqueada puede eliminar todas las credenciales del sistema.", }, ], id: "CVE-2017-17836", lastModified: "2024-11-21T03:18:47.087", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-23T17:29:00.367", references: [ { source: "security@apache.org", url: "https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57%40%3Cdev.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57%40%3Cdev.airflow.apache.org%3E", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-255", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-01-24 13:15
Modified
2025-02-13 18:15
Severity ?
Summary
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://www.openwall.com/lists/oss-security/2024/01/24/4 | Mailing List | |
| security@apache.org | https://github.com/apache/airflow/pull/36255 | Third Party Advisory | |
| security@apache.org | https://lists.apache.org/thread/fx278v0twqzxkcts70tc04cp3f8p56pn | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/01/24/4 | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/36255 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/fx278v0twqzxkcts70tc04cp3f8p56pn | Mailing List, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "601FB744-D9A1-4FE0-A5AD-552A9605C501", versionEndExcluding: "2.8.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of \"enable_xcom_pickling=False\" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue.", }, { lang: "es", value: "Apache Airflow, versiones anteriores a 2.8.1, tienen una vulnerabilidad que permite a un atacante potencial envenenar los datos de XCom al evadir la protección de la configuración \"enable_xcom_pickling=False\", lo que genera datos envenenados después de la deserialización de XCom. Esta vulnerabilidad se considera baja ya que requiere un autor de DAG para explotarla. Se recomienda a los usuarios actualizar a la versión 2.8.1 o posterior, que soluciona este problema.", }, ], id: "CVE-2023-50943", lastModified: "2025-02-13T18:15:52.603", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-01-24T13:15:07.953", references: [ { source: "security@apache.org", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2024/01/24/4", }, { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/36255", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/fx278v0twqzxkcts70tc04cp3f8p56pn", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2024/01/24/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/36255", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/fx278v0twqzxkcts70tc04cp3f8p56pn", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-23 16:15
Modified
2024-11-21 08:19
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that).
With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behaviour.
Users of Apache Airflow are advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://github.com/apache/airflow/pull/33347 | Third Party Advisory | |
| security@apache.org | https://lists.apache.org/thread/9rdmv8ln4y4ncbyrlmjrsj903x4l80nj | Vendor Advisory | |
| security@apache.org | https://www.openwall.com/lists/oss-security/2023/08/23/1 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/33347 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/9rdmv8ln4y4ncbyrlmjrsj903x4l80nj | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2023/08/23/1 | Mailing List, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "4162BEC3-6BE2-41DB-BD89-4B4124E7F0C0", versionEndIncluding: "2.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that).\n\nWith this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behaviour.\n\nUsers of Apache Airflow are advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability.\n", }, { lang: "es", value: "La vulnerabilidad de fijación de sesión permitía al usuario autenticado seguir accediendo al servidor web de Airflow incluso después de que el administrador hubiera restablecido la contraseña del usuario, hasta la expiración de la sesión del usuario. Aparte de limpiar manualmente la base de datos de sesiones (para el backend de sesión de base de datos), o cambiar la secure_key y reiniciar el servidor web, no había mecanismos para forzar el cierre de sesión del usuario (y de todos los demás usuarios). Con esta corrección implementada, cuando se utiliza el backend de sesión de base de datos, las sesiones existentes del usuario se invalidan cuando se restablece la contraseña del usuario. Cuando se utiliza el backend de sesión securecookie, las sesiones NO se invalidan y sigue siendo necesario cambiar la clave segura y reiniciar el servidor web (y cerrar la sesión de todos los demás usuarios), pero el usuario que restablece la contraseña es informado de ello con un mensaje flash de advertencia que se muestra en la interfaz de usuario. También se ha actualizado la documentación explicando este comportamiento. Se recomienda a los usuarios de Apache Airflow que actualicen a la versión 2.7.0 o posterior para mitigar el riesgo asociado a esta vulnerabilidad.", }, ], id: "CVE-2023-40273", lastModified: "2024-11-21T08:19:06.063", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-08-23T16:15:09.803", references: [ { source: "security@apache.org", tags: [ "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/33347", }, { source: "security@apache.org", tags: [ "Vendor Advisory", ], url: "https://lists.apache.org/thread/9rdmv8ln4y4ncbyrlmjrsj903x4l80nj", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2023/08/23/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/33347", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://lists.apache.org/thread/9rdmv8ln4y4ncbyrlmjrsj903x4l80nj", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2023/08/23/1", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-384", }, ], source: "security@apache.org", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-11-14 10:15
Modified
2025-04-30 19:15
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://www.openwall.com/lists/oss-security/2022/11/14/2 | Mailing List, Third Party Advisory | |
| security@apache.org | https://github.com/apache/airflow/pull/25960 | Patch, Third Party Advisory | |
| security@apache.org | https://lists.apache.org/thread/cf132hgm6jvzvsbpsozl3plf1r4cwysy | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2022/11/14/2 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/25960 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/cf132hgm6jvzvsbpsozl3plf1r4cwysy | Mailing List, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "3CDC1C40-9571-4FDB-85EA-7A9F1D582FE7", versionEndExcluding: "2.4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.", }, { lang: "es", value: "Una vulnerabilidad en Dags de ejemplo de Apache Airflow permite a un atacante con acceso a la interfaz de usuario que puede activar DAG ejecutar comandos arbitrarios a través del parámetro run_id proporcionado manualmente. Este problema afecta a las versiones de Apache Airflow Apache Airflow anteriores a la 2.4.0.", }, ], id: "CVE-2022-40127", lastModified: "2025-04-30T19:15:50.510", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2022-11-14T10:15:10.293", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/11/14/2", }, { source: "security@apache.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/25960", }, { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread/cf132hgm6jvzvsbpsozl3plf1r4cwysy", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2022/11/14/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/apache/airflow/pull/25960", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread/cf132hgm6jvzvsbpsozl3plf1r4cwysy", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-94", }, ], source: "security@apache.org", type: "Primary", }, { description: [ { lang: "en", value: "CWE-94", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-12-14 10:15
Modified
2024-11-21 05:08
Severity ?
Summary
In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://lists.apache.org/thread.html/rb3647269f07cc2775ca6568cbfd4994d862c842a58120d2aba9c658a%40%3Cusers.airflow.apache.org%3E | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rb3647269f07cc2775ca6568cbfd4994d862c842a58120d2aba9c658a%40%3Cusers.airflow.apache.org%3E | Mailing List, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "1C49F036-33E7-4903-8B4C-DBA313191E97", versionEndExcluding: "1.10.13", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack.", }, { lang: "es", value: "En Apache Airflow versiones anteriores a 1.10.13, los Gráficos y la Visualización de Consulta de la antigua interfaz del usuario (basada en Flask-admin) eran vulnerables a un ataque de tipo SSRF.", }, ], id: "CVE-2020-17513", lastModified: "2024-11-21T05:08:15.690", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-12-14T10:15:12.687", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread.html/rb3647269f07cc2775ca6568cbfd4994d862c842a58120d2aba9c658a%40%3Cusers.airflow.apache.org%3E", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.apache.org/thread.html/rb3647269f07cc2775ca6568cbfd4994d862c842a58120d2aba9c658a%40%3Cusers.airflow.apache.org%3E", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-918", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-918", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-03-14 09:15
Modified
2025-03-20 19:15
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access.
Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | http://www.openwall.com/lists/oss-security/2024/03/13/5 | Mailing List, Third Party Advisory | |
| security@apache.org | https://github.com/apache/airflow/pull/37881 | Patch | |
| security@apache.org | https://lists.apache.org/thread/b4pffc7w7do6qgk4jjbyxvdz5odrvny7 | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/03/13/5 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/apache/airflow/pull/37881 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/b4pffc7w7do6qgk4jjbyxvdz5odrvny7 | Mailing List, Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", matchCriteriaId: "53B425B5-D83E-4A41-85DF-51DFCFD935E9", versionEndExcluding: "2.8.3", versionStartIncluding: "2.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access. \n\nUsers of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability", }, { lang: "es", value: "Apache Airflow, versiones 2.8.0 a 2.8.2, tiene una vulnerabilidad que permite a un usuario autenticado con permisos limitados acceder a recursos como variables, conexiones, etc. desde la interfaz de usuario a la que no tiene permiso para acceder. Se recomienda a los usuarios de Apache Airflow actualizar a la versión 2.8.3 o posterior para mitigar el riesgo asociado con esta vulnerabilidad.", }, ], id: "CVE-2024-28746", lastModified: "2025-03-20T19:15:28.523", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-03-14T09:15:47.577", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2024/03/13/5", }, { source: "security@apache.org", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/37881", }, { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/b4pffc7w7do6qgk4jjbyxvdz5odrvny7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2024/03/13/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/apache/airflow/pull/37881", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/b4pffc7w7do6qgk4jjbyxvdz5odrvny7", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-281", }, ], source: "security@apache.org", type: "Primary", }, ], }
cve-2020-17515
Vulnerability from cvelistv5
Published
2020-12-11 13:40
Modified
2025-02-13 16:27
Severity ?
EPSS score ?
Summary
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: Apache Airflow < 1.10.13 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T14:00:48.507Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e%40%3Cusers.airflow.apache.org%3E", }, { name: "[airflow-users] 20201211 CVE-2020-17515: Apache Airflow Reflected XSS via Origin Parameter", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e%40%3Cusers.airflow.apache.org%3E", }, { name: "[airflow-dev] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a%40%3Cdev.airflow.apache.org%3E", }, { name: "[airflow-users] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a%40%3Cusers.airflow.apache.org%3E", }, { name: "[oss-security] 20201211 CVE-2020-17515: Apache Airflow Reflected XSS via Origin Parameter", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2020/12/11/2", }, { name: "[announce] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a%40%3Cannounce.apache.org%3E", }, { name: "[airflow-users] 20210501 CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E", }, { name: "[oss-security] 20210501 CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/05/01/2", }, { name: "[announce] 20210501 Apache Airflow CVE: CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432%40%3Cannounce.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "1.10.13", status: "affected", version: "Apache Airflow", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Ali Abdulwahab Ali Al-habsi of Accellion", }, ], descriptions: [ { lang: "en", value: "The \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely.", }, ], problemTypes: [ { descriptions: [ { description: "Reflected XSS via Origin Parameter", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-04T14:01:40.000Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e%40%3Cusers.airflow.apache.org%3E", }, { name: "[airflow-users] 20201211 CVE-2020-17515: Apache Airflow Reflected XSS via Origin Parameter", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e%40%3Cusers.airflow.apache.org%3E", }, { name: "[airflow-dev] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a%40%3Cdev.airflow.apache.org%3E", }, { name: "[airflow-users] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a%40%3Cusers.airflow.apache.org%3E", }, { name: "[oss-security] 20201211 CVE-2020-17515: Apache Airflow Reflected XSS via Origin Parameter", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2020/12/11/2", }, { name: "[announce] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a%40%3Cannounce.apache.org%3E", }, { name: "[airflow-users] 20210501 CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E", }, { name: "[oss-security] 20210501 CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/05/01/2", }, { name: "[announce] 20210501 Apache Airflow CVE: CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432%40%3Cannounce.apache.org%3E", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2020-17515", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Airflow", version: { version_data: [ { version_affected: "<", version_name: "Apache Airflow", version_value: "1.10.13", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "Ali Abdulwahab Ali Al-habsi of Accellion", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Reflected XSS via Origin Parameter", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e%40%3Cusers.airflow.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e%40%3Cusers.airflow.apache.org%3E", }, { name: "[airflow-users] 20201211 CVE-2020-17515: Apache Airflow Reflected XSS via Origin Parameter", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e@%3Cusers.airflow.apache.org%3E", }, { name: "[airflow-dev] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cdev.airflow.apache.org%3E", }, { name: "[airflow-users] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cusers.airflow.apache.org%3E", }, { name: "[oss-security] 20201211 CVE-2020-17515: Apache Airflow Reflected XSS via Origin Parameter", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2020/12/11/2", }, { name: "[announce] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cannounce.apache.org%3E", }, { name: "[airflow-users] 20210501 CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E", }, { name: "[oss-security] 20210501 CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/05/01/2", }, { name: "[announce] 20210501 Apache Airflow CVE: CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2020-17515", datePublished: "2020-12-11T13:40:12.000Z", dateReserved: "2020-08-12T00:00:00.000Z", dateUpdated: "2025-02-13T16:27:33.389Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-24288
Vulnerability from cvelistv5
Published
2022-02-25 08:30
Modified
2024-08-03 04:07
Severity ?
EPSS score ?
Summary
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/dbw5ozcmr0h0lhs0yjph7xdc64oht23t | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: unspecified < 2.2.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T04:07:02.359Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread/dbw5ozcmr0h0lhs0yjph7xdc64oht23t", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.2.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "The Apache Airflow PMC would like to thank Kai Zhao of the TToU Security Team for reporting this issue.", }, ], descriptions: [ { lang: "en", value: "In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI.", }, ], metrics: [ { other: { content: { other: "high", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-02-25T08:30:16", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread/dbw5ozcmr0h0lhs0yjph7xdc64oht23t", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: RCE in example DAGs", workarounds: [ { lang: "en", value: "This can be mitigated by ensuring `[core] load_examples` is set to `False`.", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2022-24288", STATE: "PUBLIC", TITLE: "Apache Airflow: RCE in example DAGs", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Airflow", version: { version_data: [ { version_affected: "<", version_value: "2.2.4", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "The Apache Airflow PMC would like to thank Kai Zhao of the TToU Security Team for reporting this issue.", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ { other: "high", }, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread/dbw5ozcmr0h0lhs0yjph7xdc64oht23t", refsource: "MISC", url: "https://lists.apache.org/thread/dbw5ozcmr0h0lhs0yjph7xdc64oht23t", }, ], }, source: { discovery: "UNKNOWN", }, work_around: [ { lang: "en", value: "This can be mitigated by ensuring `[core] load_examples` is set to `False`.", }, ], }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-24288", datePublished: "2022-02-25T08:30:16", dateReserved: "2022-02-01T00:00:00", dateUpdated: "2024-08-03T04:07:02.359Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-22888
Vulnerability from cvelistv5
Published
2023-07-12 09:17
Modified
2024-10-04 13:48
Severity ?
EPSS score ?
Summary
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apache/airflow/pull/32293 | patch | |
| https://lists.apache.org/thread/dnlht2hvm7k81k5tgjtsfmk27c76kq7z | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.298Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/32293", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/dnlht2hvm7k81k5tgjtsfmk27c76kq7z", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-22888", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-04T13:48:07.818733Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-04T13:48:16.076Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.6.3", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Zhipeng Zhang (@timon8)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected", }, ], value: "Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-12T09:17:55.338Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/32293", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/dnlht2hvm7k81k5tgjtsfmk27c76kq7z", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: Scheduler remote DoS", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-22888", datePublished: "2023-07-12T09:17:55.338Z", dateReserved: "2023-01-09T19:39:45.667Z", dateUpdated: "2024-10-04T13:48:16.076Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41672
Vulnerability from cvelistv5
Published
2022-10-07 00:00
Modified
2024-08-03 12:49
Severity ?
EPSS score ?
Summary
In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: unspecified < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:49:43.427Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/apache/airflow/pull/26635", }, { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread/ohf3pvd3dftb8zb01yngbn1jtkq5m08y", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "2.4.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "The Apache Airflow PMC would like to thank Axel Chong (@Haxatron) for reporting this issue.", }, ], descriptions: [ { lang: "en", value: "In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-613", description: "CWE-613 Insufficient Session Expiration", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-12-20T13:11:29.772Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { url: "https://github.com/apache/airflow/pull/26635", }, { url: "https://lists.apache.org/thread/ohf3pvd3dftb8zb01yngbn1jtkq5m08y", }, ], source: { discovery: "UNKNOWN", }, title: "Session still functional after user is deactivated", x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-41672", datePublished: "2022-10-07T00:00:00", dateReserved: "2022-09-27T00:00:00", dateUpdated: "2024-08-03T12:49:43.427Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-42780
Vulnerability from cvelistv5
Published
2023-10-14 09:46
Modified
2024-09-17 15:31
Severity ?
EPSS score ?
Summary
Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors.
Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apache/airflow/pull/34355 | patch | |
| https://lists.apache.org/thread/h5tvsvov8j55wojt5sojdprs05oby34d | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:30:24.199Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/34355", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/h5tvsvov8j55wojt5sojdprs05oby34d", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-42780", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T15:30:52.381584Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T15:31:24.756Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://pypi.python.org/", defaultStatus: "unaffected", packageName: "apache-airflow", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.7.2", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "balis0ng", }, { lang: "en", type: "remediation developer", value: "Hussein Awala", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors.<br>Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.<br><br>", }, ], value: "Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors.\nUsers of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.\n\n", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-14T09:46:09.845Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/34355", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/h5tvsvov8j55wojt5sojdprs05oby34d", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: Improper access control vulnerability in the \"List dag warnings\" feature", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-42780", datePublished: "2023-10-14T09:46:09.845Z", dateReserved: "2023-09-14T06:28:34.137Z", dateUpdated: "2024-09-17T15:31:24.756Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-29247
Vulnerability from cvelistv5
Published
2023-05-08 09:01
Modified
2024-10-15 18:26
Severity ?
EPSS score ?
Summary
Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:00:15.915Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/30447", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/30779", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/kqf5lxmko133780clsp827xfsh4xd3fl", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-29247", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-15T18:25:56.857643Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-15T18:26:11.465Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.6.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "taidh from VNPT - VCI", }, { lang: "en", type: "finder", value: "kuteminh11", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Task instance details page in the UI is vulnerable to a stored XSS.<p>This issue affects Apache Airflow: before 2.6.0.</p><br>", }, ], value: "Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0.\n\n\n", }, ], metrics: [ { other: { content: { text: "important", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-08T09:01:40.033Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/30447", }, { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/30779", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/kqf5lxmko133780clsp827xfsh4xd3fl", }, ], source: { discovery: "EXTERNAL", }, title: "Stored XSS on Apache Airflow", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-29247", datePublished: "2023-05-08T09:01:40.033Z", dateReserved: "2023-04-04T17:08:46.277Z", dateUpdated: "2024-10-15T18:26:11.465Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-51702
Vulnerability from cvelistv5
Published
2024-01-24 12:56
Modified
2025-02-13 17:19
Severity ?
EPSS score ?
Summary
Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an Airflow version between 2.3.0 and 2.6.0, the configuration dictionary will be logged as plain text in the triggerer service without masking. This allows anyone with access to the metadata or triggerer log to obtain the configuration file and use it to access the Kubernetes cluster.
This behavior was changed in version 7.0.0, which stopped serializing the file contents and started providing the file path instead to read the contents into the trigger. Users are recommended to upgrade to version 7.0.0, which fixes this issue.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Airflow CNCF Kubernetes provider |
Version: 5.2.0 ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T22:40:34.203Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/29498", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/30110", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/36492", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/89x3q6lz5pykrkr1fkr04k4rfn9pvnv9", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/01/24/3", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-51702", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-01-29T16:36:41.716962Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T15:10:31.048Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://pypi.python.org", defaultStatus: "unaffected", packageName: "apache-airflow-providers-cncf-kubernetes", product: "Apache Airflow CNCF Kubernetes provider", vendor: "Apache Software Foundation", versions: [ { lessThan: "7.0.0", status: "affected", version: "5.2.0", versionType: "semver", }, ], }, { collectionURL: "https://pypi.python.org", defaultStatus: "unaffected", packageName: "apache-airflow", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.6.1", status: "affected", version: "2.3.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Hussein Awala", }, { lang: "en", type: "remediation developer", value: "Hussein Awala", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an Airflow version between 2.3.0 and 2.6.0, the configuration dictionary will be logged as plain text in the triggerer service without masking. This allows anyone with access to the metadata or triggerer log to obtain the configuration file and use it to access the Kubernetes cluster.<br><br>This behavior was changed in version 7.0.0, which stopped serializing the file contents and started providing the file path instead to read the contents into the trigger. Users are recommended to upgrade to version 7.0.0, which fixes this issue.", }, ], value: "Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an Airflow version between 2.3.0 and 2.6.0, the configuration dictionary will be logged as plain text in the triggerer service without masking. This allows anyone with access to the metadata or triggerer log to obtain the configuration file and use it to access the Kubernetes cluster.\n\nThis behavior was changed in version 7.0.0, which stopped serializing the file contents and started providing the file path instead to read the contents into the trigger. Users are recommended to upgrade to version 7.0.0, which fixes this issue.", }, ], metrics: [ { other: { content: { text: "moderate", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-532", description: "CWE-532 Insertion of Sensitive Information into Log File", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-312", description: "CWE-312 Cleartext Storage of Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-24T13:00:12.306Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/29498", }, { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/30110", }, { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/36492", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/89x3q6lz5pykrkr1fkr04k4rfn9pvnv9", }, { url: "http://www.openwall.com/lists/oss-security/2024/01/24/3", }, ], source: { discovery: "INTERNAL", }, title: "Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-51702", datePublished: "2024-01-24T12:56:17.869Z", dateReserved: "2023-12-21T22:59:06.988Z", dateUpdated: "2025-02-13T17:19:48.602Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-50783
Vulnerability from cvelistv5
Published
2023-12-21 09:28
Modified
2025-02-13 17:19
Severity ?
EPSS score ?
Summary
Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable.
This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification.
Users are recommended to upgrade to 2.8.0, which fixes this issue
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T22:23:43.160Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/33932", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/rs7cr3yp726mb89s1m844hy9pq7frgcn", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/12/21/4", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.8.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "balis0ng", }, { lang: "en", type: "remediation developer", value: "Ephraim Anierobi", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable.<br>This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification.<br>Users are recommended to upgrade to 2.8.0, which fixes this issue", }, ], value: "Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable.\nThis flaw compromises the integrity of variable management, potentially leading to unauthorized data modification.\nUsers are recommended to upgrade to 2.8.0, which fixes this issue", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284: Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-21T09:30:09.942Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/33932", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/rs7cr3yp726mb89s1m844hy9pq7frgcn", }, { url: "http://www.openwall.com/lists/oss-security/2023/12/21/4", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: Improper access control vulnerability on the \"varimport\" endpoint", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-50783", datePublished: "2023-12-21T09:28:47.746Z", dateReserved: "2023-12-13T20:48:56.413Z", dateUpdated: "2025-02-13T17:19:40.647Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-48291
Vulnerability from cvelistv5
Published
2023-12-21 09:30
Modified
2025-02-13 17:18
Severity ?
EPSS score ?
Summary
Apache Airflow, in versions prior to 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.
This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2
Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:23:39.483Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/34366", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/3nl0h014274yjlt1hd02z0q78ftyz0z3", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/12/21/1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://pypi.python.org", defaultStatus: "unaffected", packageName: "apache-airflow", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.8.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "balis0ng", }, { lang: "en", type: "remediation developer", value: "Jarek Potiuk", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Apache Airflow, in versions prior to 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.<br><br>This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 <br><br>Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability.", }, ], value: "Apache Airflow, in versions prior to 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.\n\nThis is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 \n\nUsers of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability.", }, ], metrics: [ { other: { content: { text: "moderate", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-668", description: "CWE-668 Exposure of Resource to Wrong Sphere", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-21T09:35:05.192Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/34366", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/3nl0h014274yjlt1hd02z0q78ftyz0z3", }, { url: "http://www.openwall.com/lists/oss-security/2023/12/21/1", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: Improper access control to DAG resources", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-48291", datePublished: "2023-12-21T09:30:46.557Z", dateReserved: "2023-11-14T12:08:13.931Z", dateUpdated: "2025-02-13T17:18:16.717Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-45348
Vulnerability from cvelistv5
Published
2023-10-14 09:46
Modified
2025-02-13 17:14
Severity ?
EPSS score ?
Summary
Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "expose_config" option is set to "non-sensitive-only". The `expose_config` option is False by default.
It is recommended to upgrade to a version that is not affected.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 2.7.0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:21:16.332Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/34712", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/sy4l5d6tn58hr8r61r2fkt1f0qock9z9", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/23/2", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-45348", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T15:27:01.828747Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T15:27:12.016Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://pypi.python.org/", defaultStatus: "unaffected", packageName: "apache-airflow", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.7.2", status: "affected", version: "2.7.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "L3yx of Syclover Security Team", }, { lang: "en", type: "remediation developer", value: "Hussein Awala", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the \"expose_config\" option is set to \"non-sensitive-only\". The `expose_config` option is False by default.<br>It is recommended to upgrade to a version that is not affected.", }, ], value: "Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the \"expose_config\" option is set to \"non-sensitive-only\". The `expose_config` option is False by default.\nIt is recommended to upgrade to a version that is not affected.", }, ], metrics: [ { other: { content: { text: "important", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-23T17:06:17.568Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/34712", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/sy4l5d6tn58hr8r61r2fkt1f0qock9z9", }, { url: "http://www.openwall.com/lists/oss-security/2023/10/23/2", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: Configuration information leakage vulnerability", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-45348", datePublished: "2023-10-14T09:46:44.563Z", dateReserved: "2023-10-08T19:34:31.046Z", dateUpdated: "2025-02-13T17:14:03.098Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-22887
Vulnerability from cvelistv5
Published
2023-07-12 09:14
Modified
2024-10-04 13:44
Severity ?
EPSS score ?
Summary
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apache/airflow/pull/32293 | patch | |
| https://lists.apache.org/thread/rxddqs76r6rkxsg1n24d029zys67qwwo | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.246Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/32293", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/rxddqs76r6rkxsg1n24d029zys67qwwo", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-22887", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-04T13:44:40.911504Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-04T13:44:50.075Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.6.3", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Zhipeng Zhang (@Timon8)", }, { lang: "en", type: "finder", value: "KietNA from National Cyber Security (NCS)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected", }, ], value: "Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-13T10:31:11.425Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/32293", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/rxddqs76r6rkxsg1n24d029zys67qwwo", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow path traversal by authenticated user", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-22887", datePublished: "2023-07-12T09:14:25.892Z", dateReserved: "2023-01-09T19:36:47.458Z", dateUpdated: "2024-10-04T13:44:50.075Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-17836
Vulnerability from cvelistv5
Published
2019-01-23 17:00
Modified
2024-09-17 02:27
Severity ?
EPSS score ?
Summary
In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, whether it be via XSS or by leaving a machine unlocked can exfiltrate all credentials from the system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: Apache Airflow <= 1.8.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T21:06:48.275Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57%40%3Cdev.airflow.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "Apache Airflow <= 1.8.2", }, ], }, ], datePublic: "2019-01-08T00:00:00", descriptions: [ { lang: "en", value: "In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, whether it be via XSS or by leaving a machine unlocked can exfiltrate all credentials from the system.", }, ], problemTypes: [ { descriptions: [ { description: "Information Exposure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-04-05T20:05:57", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57%40%3Cdev.airflow.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", DATE_PUBLIC: "2019-01-08T00:00:00", ID: "CVE-2017-17836", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Airflow", version: { version_data: [ { version_value: "Apache Airflow <= 1.8.2", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, whether it be via XSS or by leaving a machine unlocked can exfiltrate all credentials from the system.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Exposure", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57@%3Cdev.airflow.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57@%3Cdev.airflow.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2017-17836", datePublished: "2019-01-23T17:00:00Z", dateReserved: "2017-12-22T00:00:00", dateUpdated: "2024-09-17T02:27:27.150Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-40604
Vulnerability from cvelistv5
Published
2022-09-21 07:25
Modified
2024-08-03 12:21
Severity ?
EPSS score ?
Summary
In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apache/airflow/pull/26337 | x_refsource_MISC | |
| https://lists.apache.org/thread/z20x8m16fnhxdkoollv53w1ybsts687t | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: unspecified < 2.4.0 Version: 2.3.0 < unspecified |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:21:46.082Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/apache/airflow/pull/26337", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread/z20x8m16fnhxdkoollv53w1ybsts687t", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.4.0", status: "affected", version: "unspecified", versionType: "custom", }, { lessThan: "unspecified", status: "affected", version: "2.3.0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "The Apache Airflow PMC would like to thank L3yx of Syclover Security Team for reporting this issue.", }, ], descriptions: [ { lang: "en", value: "In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-134", description: "CWE-134 Use of Externally-Controlled Format String", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-21T07:25:11", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/apache/airflow/pull/26337", }, { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread/z20x8m16fnhxdkoollv53w1ybsts687t", }, ], source: { discovery: "UNKNOWN", }, title: "Format String Vulnerability", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2022-40604", STATE: "PUBLIC", TITLE: "Format String Vulnerability", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Airflow", version: { version_data: [ { version_affected: "<", version_value: "2.4.0", }, { version_affected: ">=", version_value: "2.3.0", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "The Apache Airflow PMC would like to thank L3yx of Syclover Security Team for reporting this issue.", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ {}, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-134 Use of Externally-Controlled Format String", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/apache/airflow/pull/26337", refsource: "MISC", url: "https://github.com/apache/airflow/pull/26337", }, { name: "https://lists.apache.org/thread/z20x8m16fnhxdkoollv53w1ybsts687t", refsource: "MISC", url: "https://lists.apache.org/thread/z20x8m16fnhxdkoollv53w1ybsts687t", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-40604", datePublished: "2022-09-21T07:25:11", dateReserved: "2022-09-12T00:00:00", dateUpdated: "2024-08-03T12:21:46.082Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-17511
Vulnerability from cvelistv5
Published
2020-12-14 09:40
Modified
2025-02-13 16:27
Severity ?
EPSS score ?
Summary
In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: Apache Airflow < 1.10.13 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T14:00:48.553Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/ree782a29d927b96bf0b39fb92e2f1f09ea3112a985f7a08ce93765ac%40%3Cusers.airflow.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "1.10.13", status: "affected", version: "Apache Airflow", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Ali Al-Habsi of Accellion", }, ], descriptions: [ { lang: "en", value: "In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field.", }, ], problemTypes: [ { descriptions: [ { description: "Admin password gets logged in plain text", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-04T14:01:40.000Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/ree782a29d927b96bf0b39fb92e2f1f09ea3112a985f7a08ce93765ac%40%3Cusers.airflow.apache.org%3E", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2020-17511", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Airflow", version: { version_data: [ { version_affected: "<", version_name: "Apache Airflow", version_value: "1.10.13", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "Ali Al-Habsi of Accellion", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Admin password gets logged in plain text", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/ree782a29d927b96bf0b39fb92e2f1f09ea3112a985f7a08ce93765ac%40%3Cusers.airflow.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/ree782a29d927b96bf0b39fb92e2f1f09ea3112a985f7a08ce93765ac%40%3Cusers.airflow.apache.org%3E", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2020-17511", datePublished: "2020-12-14T09:40:15.000Z", dateReserved: "2020-08-12T00:00:00.000Z", dateUpdated: "2025-02-13T16:27:32.260Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-38649
Vulnerability from cvelistv5
Published
2022-11-22 00:00
Modified
2025-04-29 04:35
Severity ?
EPSS score ?
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Airflow Pinot Provider |
Version: unspecified < 4.0.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T11:02:14.356Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/apache/airflow/pull/27641", }, { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread/033o1gbc4ly6dpd2xf1o201v56fbl4dz", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-38649", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-04-29T04:35:31.003996Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-29T04:35:58.414Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Apache Airflow Pinot Provider", vendor: "Apache Software Foundation", versions: [ { lessThan: "4.0.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.3.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Apache Airflow PMC wants to thank id_No2015429 of 3H Security Team for reporting the issue.", }, ], descriptions: [ { lang: "en", value: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version.", }, ], metrics: [ { other: { content: { other: "moderate", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-22T00:00:00.000Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { url: "https://github.com/apache/airflow/pull/27641", }, { url: "https://lists.apache.org/thread/033o1gbc4ly6dpd2xf1o201v56fbl4dz", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow Pinot provider allowed Command Injection", x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-38649", datePublished: "2022-11-22T00:00:00.000Z", dateReserved: "2022-08-22T00:00:00.000Z", dateUpdated: "2025-04-29T04:35:58.414Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-20244
Vulnerability from cvelistv5
Published
2019-02-27 18:00
Modified
2024-09-16 22:24
Severity ?
EPSS score ?
Summary
In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread.html/f656fddf9c49293b3ec450437c46709eb01a12d1645136b2f1b8573b%40%3Cdev.airflow.apache.org%3E | x_refsource_MISC | |
| https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231%40%3Cdev.airflow.apache.org%3E | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2019/04/10/6 | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: Apache Airflow <= 1.10.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T11:58:18.502Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/f656fddf9c49293b3ec450437c46709eb01a12d1645136b2f1b8573b%40%3Cdev.airflow.apache.org%3E", }, { name: "[airflow-dev] 20190410 CVE-2019-0216, CVE-2019-0229 vulnerabilities affecting Apache Airflow <= 1.10.2 webserver component", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231%40%3Cdev.airflow.apache.org%3E", }, { name: "[oss-security] 20190410 CVE-2019-0216, CVE-2019-0229 vulnerabilities affecting Apache Airflow <= 1.10.2 webserver component", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/04/10/6", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "Apache Airflow <= 1.10.1", }, ], }, ], datePublic: "2019-01-23T00:00:00", descriptions: [ { lang: "en", value: "In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.", }, ], problemTypes: [ { descriptions: [ { description: "Stored XSS", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-04-10T20:06:06", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/f656fddf9c49293b3ec450437c46709eb01a12d1645136b2f1b8573b%40%3Cdev.airflow.apache.org%3E", }, { name: "[airflow-dev] 20190410 CVE-2019-0216, CVE-2019-0229 vulnerabilities affecting Apache Airflow <= 1.10.2 webserver component", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231%40%3Cdev.airflow.apache.org%3E", }, { name: "[oss-security] 20190410 CVE-2019-0216, CVE-2019-0229 vulnerabilities affecting Apache Airflow <= 1.10.2 webserver component", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2019/04/10/6", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", DATE_PUBLIC: "2019-01-23T00:00:00", ID: "CVE-2018-20244", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Airflow", version: { version_data: [ { version_value: "Apache Airflow <= 1.10.1", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Stored XSS", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/f656fddf9c49293b3ec450437c46709eb01a12d1645136b2f1b8573b@%3Cdev.airflow.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/f656fddf9c49293b3ec450437c46709eb01a12d1645136b2f1b8573b@%3Cdev.airflow.apache.org%3E", }, { name: "[airflow-dev] 20190410 CVE-2019-0216, CVE-2019-0229 vulnerabilities affecting Apache Airflow <= 1.10.2 webserver component", refsource: "MLIST", url: "https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231@%3Cdev.airflow.apache.org%3E", }, { name: "[oss-security] 20190410 CVE-2019-0216, CVE-2019-0229 vulnerabilities affecting Apache Airflow <= 1.10.2 webserver component", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2019/04/10/6", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2018-20244", datePublished: "2019-02-27T18:00:00Z", dateReserved: "2018-12-19T00:00:00", dateUpdated: "2024-09-16T22:24:36.287Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-27949
Vulnerability from cvelistv5
Published
2022-11-14 00:00
Modified
2025-04-30 19:44
Severity ?
EPSS score ?
Summary
A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: unspecified < 2.3.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:41:10.823Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/apache/airflow/pull/22754", }, { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread/n38oc5obb48600fsvnbopxcs0jpbp65p", }, { name: "[oss-security] 20221113 CVE-2022-27949: Apache Airflow: sensitive values in rendered template", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/14/3", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2022-27949", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-04-30T19:43:53.822159Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-30T19:44:13.705Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.3.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Apache Airflow PMC would like to thank James Srinivasan for reporting it.", }, ], descriptions: [ { lang: "en", value: "A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1.", }, ], metrics: [ { other: { content: { other: "low", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-15T00:00:00.000Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { url: "https://github.com/apache/airflow/pull/22754", }, { url: "https://lists.apache.org/thread/n38oc5obb48600fsvnbopxcs0jpbp65p", }, { name: "[oss-security] 20221113 CVE-2022-27949: Apache Airflow: sensitive values in rendered template", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/14/3", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow prior to 2.3.1 may include sensitive values in rendered template", x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-27949", datePublished: "2022-11-14T00:00:00.000Z", dateReserved: "2022-03-27T00:00:00.000Z", dateUpdated: "2025-04-30T19:44:13.705Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-35908
Vulnerability from cvelistv5
Published
2023-07-12 09:14
Modified
2024-10-04 13:43
Severity ?
EPSS score ?
Summary
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apache/airflow/pull/32014 | patch | |
| https://lists.apache.org/thread/vsflptk5dt30vrfggn96nx87d7zr6yvw | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:37:40.064Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/32014", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/vsflptk5dt30vrfggn96nx87d7zr6yvw", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-35908", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-04T13:43:45.875086Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-04T13:43:55.033Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.6.3", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Name : Karthikeyan Singaravelan Employer : Visa", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected", }, ], value: "Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-12T09:14:10.491Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/32014", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/vsflptk5dt30vrfggn96nx87d7zr6yvw", }, ], source: { discovery: "EXTERNAL", }, title: "Apache Airflow: Access to DAGs without relevant permission", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-35908", datePublished: "2023-07-12T09:14:10.491Z", dateReserved: "2023-06-20T03:18:55.291Z", dateUpdated: "2024-10-04T13:43:55.033Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-17526
Vulnerability from cvelistv5
Published
2020-12-21 16:45
Modified
2025-02-13 16:27
Severity ?
EPSS score ?
Summary
Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread.html/rbeeb73a6c741f2f9200d83b9c2220610da314810c4e8c9cf881d47ef%40%3Cusers.airflow.apache.org%3E | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2020/12/21/1 | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352%40%3Cannounce.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: Apache Airflow < 1.10.14 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T14:00:47.524Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/rbeeb73a6c741f2f9200d83b9c2220610da314810c4e8c9cf881d47ef%40%3Cusers.airflow.apache.org%3E", }, { name: "[oss-security] 20201221 CVE-2020-17526: Apache Airflow Incorrect Session Validation in Airflow Webserver with default config", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2020/12/21/1", }, { name: "[announce] 20210623 Success at Apache: Security in Practice", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352%40%3Cannounce.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "1.10.14", status: "affected", version: "Apache Airflow", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Junghan Lee of Deliveryhero Korea Security Team", }, ], descriptions: [ { lang: "en", value: "Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config.", }, ], problemTypes: [ { descriptions: [ { description: "Incorrect Session Validation in Airflow Webserver with default config", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-04T14:01:40.000Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/rbeeb73a6c741f2f9200d83b9c2220610da314810c4e8c9cf881d47ef%40%3Cusers.airflow.apache.org%3E", }, { name: "[oss-security] 20201221 CVE-2020-17526: Apache Airflow Incorrect Session Validation in Airflow Webserver with default config", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2020/12/21/1", }, { name: "[announce] 20210623 Success at Apache: Security in Practice", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352%40%3Cannounce.apache.org%3E", }, ], source: { discovery: "UNKNOWN", }, workarounds: [ { lang: "en", value: "Change the default value for `[webserver] secret_key` config.", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2020-17526", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Airflow", version: { version_data: [ { version_affected: "<", version_name: "Apache Airflow", version_value: "1.10.14", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "Junghan Lee of Deliveryhero Korea Security Team", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Incorrect Session Validation in Airflow Webserver with default config", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/rbeeb73a6c741f2f9200d83b9c2220610da314810c4e8c9cf881d47ef%40%3Cusers.airflow.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/rbeeb73a6c741f2f9200d83b9c2220610da314810c4e8c9cf881d47ef%40%3Cusers.airflow.apache.org%3E", }, { name: "[oss-security] 20201221 CVE-2020-17526: Apache Airflow Incorrect Session Validation in Airflow Webserver with default config", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2020/12/21/1", }, { name: "[announce] 20210623 Success at Apache: Security in Practice", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352@%3Cannounce.apache.org%3E", }, ], }, source: { discovery: "UNKNOWN", }, work_around: [ { lang: "en", value: "Change the default value for `[webserver] secret_key` config.", }, ], }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2020-17526", datePublished: "2020-12-21T16:45:13.000Z", dateReserved: "2020-08-12T00:00:00.000Z", dateUpdated: "2025-02-13T16:27:35.877Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-45402
Vulnerability from cvelistv5
Published
2022-11-15 00:00
Modified
2025-04-30 15:55
Severity ?
EPSS score ?
Summary
In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: unspecified < 2.4.3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:09:57.045Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/apache/airflow/pull/27576", }, { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread/nf4xrkoo6c81g6fdn4vj8k9x2686o9nh", }, { name: "[oss-security] 20221115 CVE-2022-45402: Apache Airflow: Open redirect during login", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/15/1", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2022-45402", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-04-30T15:54:53.010747Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-30T15:55:11.656Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.4.3", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "The Apache Airflow PMC would like to thank Bugra Eskici for reporting this issue.", }, ], descriptions: [ { lang: "en", value: "In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-601", description: "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-15T00:00:00.000Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { url: "https://github.com/apache/airflow/pull/27576", }, { url: "https://lists.apache.org/thread/nf4xrkoo6c81g6fdn4vj8k9x2686o9nh", }, { name: "[oss-security] 20221115 CVE-2022-45402: Apache Airflow: Open redirect during login", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/15/1", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: Open redirect during login", x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-45402", datePublished: "2022-11-15T00:00:00.000Z", dateReserved: "2022-11-14T00:00:00.000Z", dateUpdated: "2025-04-30T15:55:11.656Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37379
Vulnerability from cvelistv5
Published
2023-08-23 15:38
Modified
2025-02-13 17:01
Severity ?
EPSS score ?
Summary
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server.
Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:09:34.054Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/32052", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/g5c9vcn27lr14go48thrjpo6f4vw571r", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/08/23/4", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-37379", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T20:30:43.784281Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T20:30:52.921Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.7.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "kuteminh11", }, { lang: "en", type: "finder", value: "khoabda of Zalo Security Team", }, { lang: "en", type: "finder", value: "Sayooj B Kumar(Team bi0s & CRED Security team)", }, { lang: "en", type: "finder", value: "Son Tran from VNPT - VCI", }, { lang: "en", type: "finder", value: "KmhlYXJ0", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server.</p><p>Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface.</p><br>", }, ], value: "Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server.\n\nUsers of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface.", }, ], metrics: [ { other: { content: { text: "moderate", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-400", description: "CWE-400 Uncontrolled Resource Consumption", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-918", description: "CWE-918 Server-Side Request Forgery (SSRF)", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-23T15:40:05.764Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/32052", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/g5c9vcn27lr14go48thrjpo6f4vw571r", }, { url: "http://www.openwall.com/lists/oss-security/2023/08/23/4", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: Exposure of sensitive connection information, DOS and SSRF on \"test connection\" feature", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-37379", datePublished: "2023-08-23T15:38:56.047Z", dateReserved: "2023-07-04T11:14:52.658Z", dateUpdated: "2025-02-13T17:01:16.710Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-46288
Vulnerability from cvelistv5
Published
2023-10-23 18:13
Modified
2025-02-13 17:14
Severity ?
EPSS score ?
Summary
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0.
Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configuration even when the expose_config option is set to non-sensitive-only. The expose_config option is False by default. It is recommended to upgrade to a version that is not affected if you set expose_config to non-sensitive-only configuration. This is a different error than CVE-2023-45348 which allows authenticated user to retrieve individual configuration values in 2.7.* by specially crafting their request (solved in 2.7.2).
Users are recommended to upgrade to version 2.7.2, which fixes the issue and additionally fixes CVE-2023-45348.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 2.4.0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:45:40.646Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/32261", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/yw4vzm0c5lqkwm0bxv6qy03yfd1od4nw", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/04/17/10", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-46288", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-11T14:28:49.867439Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-11T14:29:25.700Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://pypi.python.org/", defaultStatus: "unaffected", packageName: "apache-airflow", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.7.0", status: "affected", version: "2.4.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "id_No2015429 of 3H Secruity Team", }, { lang: "en", type: "finder", value: "Lee, Wei", }, { lang: "en", type: "remediation developer", value: "Lee, Wei", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.<p>This issue affects Apache Airflow from 2.4.0 to 2.7.0.</p><p>Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configuration even when the <code>expose_config</code> option is set to <code>non-sensitive-only</code>. The expose_config option is False by default. It is recommended to upgrade to a version that is not affected if you set <code>expose_config</code> to <code>non-sensitive-only</code> configuration. This is a different error than CVE-2023-45348 which allows authenticated user to retrieve individual configuration values in 2.7.* by specially crafting their request (solved in 2.7.2).</p><p>Users are recommended to upgrade to version 2.7.2, which fixes the issue and additionally fixes CVE-2023-45348.</p>", }, ], value: "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0.\n\nSensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configuration even when the expose_config option is set to non-sensitive-only. The expose_config option is False by default. It is recommended to upgrade to a version that is not affected if you set expose_config to non-sensitive-only configuration. This is a different error than CVE-2023-45348 which allows authenticated user to retrieve individual configuration values in 2.7.* by specially crafting their request (solved in 2.7.2).\n\nUsers are recommended to upgrade to version 2.7.2, which fixes the issue and additionally fixes CVE-2023-45348.", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-01T18:07:18.913Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/32261", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/yw4vzm0c5lqkwm0bxv6qy03yfd1od4nw", }, { url: "http://www.openwall.com/lists/oss-security/2024/04/17/10", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: Sensitive parameters exposed in API when \"non-sensitive-only\" configuration is set", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-46288", datePublished: "2023-10-23T18:13:04.412Z", dateReserved: "2023-10-20T15:16:18.378Z", dateUpdated: "2025-02-13T17:14:24.702Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-47265
Vulnerability from cvelistv5
Published
2023-12-21 09:28
Modified
2025-02-13 17:17
Severity ?
EPSS score ?
Summary
Apache Airflow, versions 2.6.0 through 2.7.3 has a stored XSS vulnerability that allows a DAG author to add an unbounded and not-sanitized javascript in the parameter description field of the DAG. This Javascript can be executed on the client side of any of the user who looks at the tasks in the browser sandbox. While this issue does not allow to exit the browser sandbox or manipulation of the server-side data - more than the DAG author already has, it allows to modify what the user looking at the DAG details sees in the browser - which opens up all kinds of possibilities of misleading other users.
Users of Apache Airflow are recommended to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 2.6.0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:09:36.525Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/35460", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/128f3zl375vb1qv93k82zhnwkpl233pr", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/12/21/2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://pypi.python.org", defaultStatus: "unaffected", packageName: "apache-airflow", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.8.0", status: "affected", version: "2.6.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Jens Scheffler", }, { lang: "en", type: "finder", value: "Andrey Anshin", }, { lang: "en", type: "remediation developer", value: "Jens Scheffler", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Apache Airflow, versions 2.6.0 through 2.7.3 has a stored XSS vulnerability that allows a DAG author to add an unbounded and not-sanitized javascript in the parameter description field of the DAG. This Javascript can be executed on the client side of any of the user who looks at the tasks in the browser sandbox. While this issue does not allow to exit the browser sandbox or manipulation of the server-side data - more than the DAG author already has, it allows to modify what the user looking at the DAG details sees in the browser - which opens up all kinds of possibilities of misleading other users.<br><br>Users of Apache Airflow are recommended to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability<br>", }, ], value: "Apache Airflow, versions 2.6.0 through 2.7.3 has a stored XSS vulnerability that allows a DAG author to add an unbounded and not-sanitized javascript in the parameter description field of the DAG. This Javascript can be executed on the client side of any of the user who looks at the tasks in the browser sandbox. While this issue does not allow to exit the browser sandbox or manipulation of the server-side data - more than the DAG author already has, it allows to modify what the user looking at the DAG details sees in the browser - which opens up all kinds of possibilities of misleading other users.\n\nUsers of Apache Airflow are recommended to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-21T09:30:06.922Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/35460", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/128f3zl375vb1qv93k82zhnwkpl233pr", }, { url: "http://www.openwall.com/lists/oss-security/2023/12/21/2", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: DAG Params alllow to embed unchecked Javascript", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-47265", datePublished: "2023-12-21T09:28:09.653Z", dateReserved: "2023-11-05T17:23:55.191Z", dateUpdated: "2025-02-13T17:17:57.265Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-46651
Vulnerability from cvelistv5
Published
2023-07-12 09:17
Modified
2024-10-04 13:45
Severity ?
EPSS score ?
Summary
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apache/airflow/pull/32309 | patch | |
| https://lists.apache.org/thread/n45h3y82og125rnlgt6rbm9szfb6q24d | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:39:39.124Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/32309", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/n45h3y82og125rnlgt6rbm9szfb6q24d", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-46651", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-04T13:45:26.831140Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-04T13:45:35.520Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.6.3", status: "affected", version: "0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability.<br>", }, ], value: "Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability.\n", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-12T09:17:06.966Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/32309", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/n45h3y82og125rnlgt6rbm9szfb6q24d", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: Security vulnerability on AirFlow Connections", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-46651", datePublished: "2023-07-12T09:17:06.966Z", dateReserved: "2022-12-05T22:41:44.530Z", dateUpdated: "2024-10-04T13:45:35.520Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-17835
Vulnerability from cvelistv5
Published
2019-01-23 17:00
Modified
2024-09-16 17:08
Severity ?
EPSS score ?
Summary
In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: Apache Airflow <= 1.8.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T21:06:48.959Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57%40%3Cdev.airflow.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "Apache Airflow <= 1.8.2", }, ], }, ], datePublic: "2019-01-08T00:00:00", descriptions: [ { lang: "en", value: "In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.", }, ], problemTypes: [ { descriptions: [ { description: "Cross-Site Request Forgery", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-01-23T16:57:01", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57%40%3Cdev.airflow.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", DATE_PUBLIC: "2019-01-08T00:00:00", ID: "CVE-2017-17835", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Airflow", version: { version_data: [ { version_value: "Apache Airflow <= 1.8.2", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Cross-Site Request Forgery", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57@%3Cdev.airflow.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57@%3Cdev.airflow.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2017-17835", datePublished: "2019-01-23T17:00:00Z", dateReserved: "2017-12-22T00:00:00", dateUpdated: "2024-09-16T17:08:32.151Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-17513
Vulnerability from cvelistv5
Published
2020-12-14 09:40
Modified
2025-02-13 16:27
Severity ?
EPSS score ?
Summary
In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: Apache Airflow < 1.10.13 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T14:00:48.609Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/rb3647269f07cc2775ca6568cbfd4994d862c842a58120d2aba9c658a%40%3Cusers.airflow.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "1.10.13", status: "affected", version: "Apache Airflow", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-918", description: "CWE-918 Server-Side Request Forgery (SSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-04T14:01:40.000Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/rb3647269f07cc2775ca6568cbfd4994d862c842a58120d2aba9c658a%40%3Cusers.airflow.apache.org%3E", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2020-17513", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Airflow", version: { version_data: [ { version_affected: "<", version_name: "Apache Airflow", version_value: "1.10.13", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-918 Server-Side Request Forgery (SSRF)", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/rb3647269f07cc2775ca6568cbfd4994d862c842a58120d2aba9c658a%40%3Cusers.airflow.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/rb3647269f07cc2775ca6568cbfd4994d862c842a58120d2aba9c658a%40%3Cusers.airflow.apache.org%3E", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2020-17513", datePublished: "2020-12-14T09:40:15.000Z", dateReserved: "2020-08-12T00:00:00.000Z", dateUpdated: "2025-02-13T16:27:32.817Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-13944
Vulnerability from cvelistv5
Published
2020-09-17 14:01
Modified
2024-08-04 12:32
Severity ?
EPSS score ?
Summary
In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Apache Airflow |
Version: Apache Airflow < 1.10.12 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T12:32:14.289Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/r97e1b60ca508a86be58c43f405c0c8ff00ba467ba0bee68704ae7e3e%40%3Cdev.airflow.apache.org%3E", }, { name: "[airflow-users] 20201211 CVE-2020-17515: Apache Airflow Reflected XSS via Origin Parameter", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e%40%3Cusers.airflow.apache.org%3E", }, { name: "[airflow-dev] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a%40%3Cdev.airflow.apache.org%3E", }, { name: "[airflow-users] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a%40%3Cusers.airflow.apache.org%3E", }, { name: "[oss-security] 20201211 CVE-2020-17515: Apache Airflow Reflected XSS via Origin Parameter", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2020/12/11/2", }, { name: "[announce] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a%40%3Cannounce.apache.org%3E", }, { name: "[airflow-users] 20210501 CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E", }, { name: "[oss-security] 20210501 CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/05/01/2", }, { name: "[announce] 20210501 Apache Airflow CVE: CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432%40%3Cannounce.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "n/a", versions: [ { status: "affected", version: "Apache Airflow < 1.10.12", }, ], }, ], descriptions: [ { lang: "en", value: "In Apache Airflow < 1.10.12, the \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-05-03T23:06:24", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/r97e1b60ca508a86be58c43f405c0c8ff00ba467ba0bee68704ae7e3e%40%3Cdev.airflow.apache.org%3E", }, { name: "[airflow-users] 20201211 CVE-2020-17515: Apache Airflow Reflected XSS via Origin Parameter", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e%40%3Cusers.airflow.apache.org%3E", }, { name: "[airflow-dev] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a%40%3Cdev.airflow.apache.org%3E", }, { name: "[airflow-users] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a%40%3Cusers.airflow.apache.org%3E", }, { name: "[oss-security] 20201211 CVE-2020-17515: Apache Airflow Reflected XSS via Origin Parameter", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2020/12/11/2", }, { name: "[announce] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a%40%3Cannounce.apache.org%3E", }, { name: "[airflow-users] 20210501 CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E", }, { name: "[oss-security] 20210501 CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/05/01/2", }, { name: "[announce] 20210501 Apache Airflow CVE: CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432%40%3Cannounce.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2020-13944", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Airflow", version: { version_data: [ { version_value: "Apache Airflow < 1.10.12", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Apache Airflow < 1.10.12, the \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/r97e1b60ca508a86be58c43f405c0c8ff00ba467ba0bee68704ae7e3e%40%3Cdev.airflow.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/r97e1b60ca508a86be58c43f405c0c8ff00ba467ba0bee68704ae7e3e%40%3Cdev.airflow.apache.org%3E", }, { name: "[airflow-users] 20201211 CVE-2020-17515: Apache Airflow Reflected XSS via Origin Parameter", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e@%3Cusers.airflow.apache.org%3E", }, { name: "[airflow-dev] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cdev.airflow.apache.org%3E", }, { name: "[airflow-users] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cusers.airflow.apache.org%3E", }, { name: "[oss-security] 20201211 CVE-2020-17515: Apache Airflow Reflected XSS via Origin Parameter", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2020/12/11/2", }, { name: "[announce] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cannounce.apache.org%3E", }, { name: "[airflow-users] 20210501 CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL", refsource: "MLIST", url: "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E", }, { name: "[oss-security] 20210501 CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/05/01/2", }, { name: "[announce] 20210501 Apache Airflow CVE: CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2020-13944", datePublished: "2020-09-17T14:01:40", dateReserved: "2020-06-08T00:00:00", dateUpdated: "2024-08-04T12:32:14.289Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-50944
Vulnerability from cvelistv5
Published
2024-01-24 12:58
Modified
2025-02-13 17:19
Severity ?
EPSS score ?
Summary
Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T22:23:44.036Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/36257", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/92krb5mpcq8qrw4t4j5oooqw7hgd8q7h", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/01/24/5", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-50944", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-26T15:48:59.859583Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-12T18:26:38.038Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://pypi.python.org", defaultStatus: "unaffected", packageName: "apache-airflow", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.8.1", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Timon8 Zhang", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue.<br>", }, ], value: "Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue.", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862 Missing Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-24T13:00:11.077Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/36257", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/92krb5mpcq8qrw4t4j5oooqw7hgd8q7h", }, { url: "http://www.openwall.com/lists/oss-security/2024/01/24/5", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: Bypass permission verification to read code of other dags", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-50944", datePublished: "2024-01-24T12:58:18.873Z", dateReserved: "2023-12-16T16:08:20.951Z", dateUpdated: "2025-02-13T17:19:41.763Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-40954
Vulnerability from cvelistv5
Published
2022-11-22 00:00
Modified
2025-04-29 13:50
Severity ?
EPSS score ?
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Spark Provider installed).
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Airflow Spark Provider |
Version: unspecified < 4.0.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:28:42.928Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/apache/airflow/pull/27646", }, { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread/0tmdlnmjs5t4gsx5fy73tb6zd3jztq45", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2022-40954", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-04-29T13:49:57.495830Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-29T13:50:28.084Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Apache Airflow Spark Provider", vendor: "Apache Software Foundation", versions: [ { lessThan: "4.0.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.3.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Apache Airflow PMC wants to thank id_No2015429 of 3H Security Team for reporting the issue.", }, ], descriptions: [ { lang: "en", value: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Spark Provider installed).", }, ], metrics: [ { other: { content: { other: "moderate", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-22T00:00:00.000Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { url: "https://github.com/apache/airflow/pull/27646", }, { url: "https://lists.apache.org/thread/0tmdlnmjs5t4gsx5fy73tb6zd3jztq45", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow Spark Provider RCE that bypass restrictions to read arbitrary files", x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-40954", datePublished: "2022-11-22T00:00:00.000Z", dateReserved: "2022-09-19T00:00:00.000Z", dateUpdated: "2025-04-29T13:50:28.084Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-49920
Vulnerability from cvelistv5
Published
2023-12-21 09:27
Modified
2025-02-13 17:18
Severity ?
EPSS score ?
Summary
Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that allows an attacker to trigger a DAG in a GET request without CSRF validation. As a result, it was possible for a malicious website opened in the same browser - by the user who also had Airflow UI opened - to trigger the execution of DAGs without the user's consent.
Users are advised to upgrade to version 2.8.0 or later which is not affected
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 2.7.0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T22:09:49.196Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/36026", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/mnwd2vcfw3gms6ft6kl951vfbqrxsnjq", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/12/21/3", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://pypi.python.org", defaultStatus: "unaffected", packageName: "apache-airflow", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.8.0", status: "affected", version: "2.7.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Tareq Ahamed ( 0xt4req)", }, { lang: "en", type: "remediation developer", value: "Jens Scheffler", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that allows an attacker to trigger a DAG in a GET request without CSRF validation. As a result, it was possible for a malicious website opened in the same browser - by the user who also had Airflow UI opened - to trigger the execution of DAGs without the user's consent.<br>Users are advised to upgrade to version 2.8.0 or later which is not affected", }, ], value: "Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that allows an attacker to trigger a DAG in a GET request without CSRF validation. As a result, it was possible for a malicious website opened in the same browser - by the user who also had Airflow UI opened - to trigger the execution of DAGs without the user's consent.\nUsers are advised to upgrade to version 2.8.0 or later which is not affected", }, ], metrics: [ { other: { content: { text: "moderate", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-21T09:30:08.793Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/36026", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/mnwd2vcfw3gms6ft6kl951vfbqrxsnjq", }, { url: "http://www.openwall.com/lists/oss-security/2023/12/21/3", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: Missing CSRF protection on DAG/trigger", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-49920", datePublished: "2023-12-21T09:27:09.651Z", dateReserved: "2023-12-02T15:33:40.610Z", dateUpdated: "2025-02-13T17:18:58.218Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-15720
Vulnerability from cvelistv5
Published
2019-01-23 17:00
Modified
2024-09-16 22:45
Severity ?
EPSS score ?
Summary
In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: Apache Airflow <= 1.8.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T20:04:49.517Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57%40%3Cdev.airflow.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "Apache Airflow <= 1.8.2", }, ], }, ], datePublic: "2019-01-08T00:00:00", descriptions: [ { lang: "en", value: "In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object.", }, ], problemTypes: [ { descriptions: [ { description: "Remote code execution (RCE)", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-01-23T16:57:01", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57%40%3Cdev.airflow.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", DATE_PUBLIC: "2019-01-08T00:00:00", ID: "CVE-2017-15720", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Airflow", version: { version_data: [ { version_value: "Apache Airflow <= 1.8.2", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote code execution (RCE)", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57@%3Cdev.airflow.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/ade4d54ebf614f68dc81a08891755e60ea58ba88e0209233eeea5f57@%3Cdev.airflow.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2017-15720", datePublished: "2019-01-23T17:00:00Z", dateReserved: "2017-10-21T00:00:00", dateUpdated: "2024-09-16T22:45:21.283Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-38054
Vulnerability from cvelistv5
Published
2022-09-02 07:10
Modified
2024-08-03 10:45
Severity ?
EPSS score ?
Summary
In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/rsd3h89xdp16rg0ltovx3m7q3ypkxsbb | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2022/09/02/1 | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 2.2.4 < Apache Airflow* |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:45:51.955Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread/rsd3h89xdp16rg0ltovx3m7q3ypkxsbb", }, { name: "[oss-security] 20220902 CVE-2022-38054: Apache Airflow: Session Fixation", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/09/02/1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "Apache Airflow*", status: "affected", version: "2.2.4", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "The Apache Airflow PMC would like to thank Kai Zhao for reporting this issue.", }, ], descriptions: [ { lang: "en", value: "In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-384", description: "CWE-384 Session Fixation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-02T08:06:17", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread/rsd3h89xdp16rg0ltovx3m7q3ypkxsbb", }, { name: "[oss-security] 20220902 CVE-2022-38054: Apache Airflow: Session Fixation", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/09/02/1", }, ], source: { discovery: "UNKNOWN", }, title: "Session Fixation", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2022-38054", STATE: "PUBLIC", TITLE: "Session Fixation", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Airflow", version: { version_data: [ { version_affected: ">=", version_name: "Apache Airflow", version_value: "2.2.4", }, { version_affected: "<=", version_name: "Apache Airflow", version_value: "2.3.3 +1", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "The Apache Airflow PMC would like to thank Kai Zhao for reporting this issue.", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ {}, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-384 Session Fixation", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread/rsd3h89xdp16rg0ltovx3m7q3ypkxsbb", refsource: "MISC", url: "https://lists.apache.org/thread/rsd3h89xdp16rg0ltovx3m7q3ypkxsbb", }, { name: "[oss-security] 20220902 CVE-2022-38054: Apache Airflow: Session Fixation", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/09/02/1", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-38054", datePublished: "2022-09-02T07:10:21", dateReserved: "2022-08-09T00:00:00", dateUpdated: "2024-08-03T10:45:51.955Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-45229
Vulnerability from cvelistv5
Published
2022-02-25 08:30
Modified
2024-08-04 04:39
Severity ?
EPSS score ?
Summary
It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/phx76cgtmhwwdy780rvwhobx8qoy4bnk | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: unspecified < 2.2.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:39:20.190Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread/phx76cgtmhwwdy780rvwhobx8qoy4bnk", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.2.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "The Apache Airflow PMC would like to thank both Bogdan Kurinnoy of the Samsung R&D Institute Ukraine (SRK) and Ali Al-Habsi of Accellion for independently discovering and reporting this issue.", }, ], descriptions: [ { lang: "en", value: "It was discovered that the \"Trigger DAG with config\" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below.", }, ], metrics: [ { other: { content: { other: "high", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-02-25T08:30:15", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread/phx76cgtmhwwdy780rvwhobx8qoy4bnk", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: Reflected XSS via Origin Query Argument in URL", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2021-45229", STATE: "PUBLIC", TITLE: "Apache Airflow: Reflected XSS via Origin Query Argument in URL", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Airflow", version: { version_data: [ { version_affected: "<", version_value: "2.2.4", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "The Apache Airflow PMC would like to thank both Bogdan Kurinnoy of the Samsung R&D Institute Ukraine (SRK) and Ali Al-Habsi of Accellion for independently discovering and reporting this issue.", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "It was discovered that the \"Trigger DAG with config\" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ { other: "high", }, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread/phx76cgtmhwwdy780rvwhobx8qoy4bnk", refsource: "MISC", url: "https://lists.apache.org/thread/phx76cgtmhwwdy780rvwhobx8qoy4bnk", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2021-45229", datePublished: "2022-02-25T08:30:15", dateReserved: "2021-12-17T00:00:00", dateUpdated: "2024-08-04T04:39:20.190Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-35005
Vulnerability from cvelistv5
Published
2023-06-19 08:15
Modified
2024-10-09 14:11
Severity ?
EPSS score ?
Summary
In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations.
This vulnerability is mitigated by the fact configuration is not shown in the UI by default (only if `[webserver] expose_config` is set to `non-sensitive-only`), and not all uncensored values are actually sentitive.
This issue affects Apache Airflow: from 2.5.0 before 2.6.2. Users are recommended to update to version 2.6.2 or later.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 2.5.0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:17:04.260Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/31788", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/31820", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/o4f2cxh0054m9tlxpb81c1yhylor5gjd", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-35005", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-09T14:11:19.307758Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-09T14:11:44.152Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.6.2", status: "affected", version: "2.5.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Piotr Chomiak from Astro product security team", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<div>In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations.</div><div>This vulnerability is mitigated by the fact configuration is not shown in the UI by default (only if `[webserver] expose_config` is set to `non-sensitive-only`), and not all uncensored values are actually sentitive.</div><br><div>This issue affects Apache Airflow: from 2.5.0 before 2.6.2. Users are recommended to update to version 2.6.2 or later.<br></div>", }, ], value: "In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations.\n\nThis vulnerability is mitigated by the fact configuration is not shown in the UI by default (only if `[webserver] expose_config` is set to `non-sensitive-only`), and not all uncensored values are actually sentitive.\n\n\nThis issue affects Apache Airflow: from 2.5.0 before 2.6.2. Users are recommended to update to version 2.6.2 or later.\n\n\n", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-19T08:15:18.029Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/31788", }, { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/31820", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/o4f2cxh0054m9tlxpb81c1yhylor5gjd", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: Information disclosure on configuration view", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-35005", datePublished: "2023-06-19T08:15:18.029Z", dateReserved: "2023-06-09T16:17:10.561Z", dateUpdated: "2024-10-09T14:11:44.152Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-43985
Vulnerability from cvelistv5
Published
2022-11-02 00:00
Modified
2024-08-03 13:47
Severity ?
EPSS score ?
Summary
In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: unspecified < 2.4.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:47:04.593Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/apache/airflow/pull/27143", }, { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread/m13y9s5kw92fw9l8j4qd85h0txp4kfcq", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.4.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "The Apache Airflow PMC would like to thank Axel Chong (@Haxatron) [https://hackerone.com/haxatron1] for reporting this issue.", }, ], descriptions: [ { lang: "en", value: "In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-601", description: "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-02T00:00:00", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { url: "https://github.com/apache/airflow/pull/27143", }, { url: "https://lists.apache.org/thread/m13y9s5kw92fw9l8j4qd85h0txp4kfcq", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow prior to 2.4.2 has an open redirect", x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-43985", datePublished: "2022-11-02T00:00:00", dateReserved: "2022-10-28T00:00:00", dateUpdated: "2024-08-03T13:47:04.593Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-25141
Vulnerability from cvelistv5
Published
2024-02-20 20:30
Modified
2025-02-13 17:40
Severity ?
EPSS score ?
Summary
When ssl was enabled for Mongo Hook, default settings included "allow_insecure" which caused that certificates were not validated. This was unexpected and undocumented.
Users are recommended to upgrade to version 4.0.0, which fixes this issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow Mongo Provider |
Version: 1.0.0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:36:21.630Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/37214", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/sqgbfqngjmn45ommmrgj7hvs7fgspsgm", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/02/20/5", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:apache:airflow_mongo_provider:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "airflow_mongo_provider", vendor: "apache", versions: [ { status: "affected", version: "0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-25141", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-15T19:28:23.619747Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-15T19:31:04.235Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://pypi.python.org", defaultStatus: "unaffected", packageName: "apache-airflow-providers-mongo", product: "Apache Airflow Mongo Provider", vendor: "Apache Software Foundation", versions: [ { lessThan: "4.0.0", status: "affected", version: "1.0.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "Noah Stapp", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">When </span><code>ssl</code><span style=\"background-color: rgb(255, 255, 255);\"> was enabled for Mongo Hook, default settings included \"allow_insecure\" which caused that certificates were not validated. This was unexpected and undocumented.</span><br>Users are recommended to upgrade to version 4.0.0, which fixes this issue.", }, ], value: "When ssl was enabled for Mongo Hook, default settings included \"allow_insecure\" which caused that certificates were not validated. This was unexpected and undocumented.\nUsers are recommended to upgrade to version 4.0.0, which fixes this issue.", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-295", description: "CWE-295 Improper Certificate Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-20T20:35:06.778Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/37214", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/sqgbfqngjmn45ommmrgj7hvs7fgspsgm", }, { url: "http://www.openwall.com/lists/oss-security/2024/02/20/5", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow Mongo Provider: Certificate validation isn't respected even if SSL is enabled for apache-airflow-providers-mongo", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2024-25141", datePublished: "2024-02-20T20:30:28.924Z", dateReserved: "2024-02-06T09:03:40.736Z", dateUpdated: "2025-02-13T17:40:48.227Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-28359
Vulnerability from cvelistv5
Published
2021-05-02 07:55
Modified
2024-08-03 21:40
Severity ?
EPSS score ?
Summary
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336).
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: Apache Airflow 2.0.0 Version: Apache Airflow 2.0.1 Version: Apache Airflow < 1.10.15 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:40:14.401Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E", }, { name: "[announce] 20210501 Apache Airflow CVE: CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432%40%3Cannounce.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "Apache Airflow 2.0.0", }, { status: "affected", version: "Apache Airflow 2.0.1", }, { lessThan: "1.10.15", status: "affected", version: "Apache Airflow", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Vasileios Daskalakis", }, ], descriptions: [ { lang: "en", value: "The \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336).", }, ], problemTypes: [ { descriptions: [ { description: "Reflected XSS via Origin Parameter", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-05-03T23:06:23", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E", }, { name: "[announce] 20210501 Apache Airflow CVE: CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432%40%3Cannounce.apache.org%3E", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow Reflected XSS via Origin Query Argument in URL", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2021-28359", STATE: "PUBLIC", TITLE: "Apache Airflow Reflected XSS via Origin Query Argument in URL", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Airflow", version: { version_data: [ { version_affected: "<", version_name: "Apache Airflow", version_value: "1.10.15", }, { version_affected: "=", version_name: "Apache Airflow", version_value: "2.0.0", }, { version_affected: "=", version_name: "Apache Airflow", version_value: "2.0.1", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "Vasileios Daskalakis", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336).", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Reflected XSS via Origin Parameter", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E", }, { name: "[announce] 20210501 Apache Airflow CVE: CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2021-28359", datePublished: "2021-05-02T07:55:12", dateReserved: "2021-03-13T00:00:00", dateUpdated: "2024-08-03T21:40:14.401Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-9485
Vulnerability from cvelistv5
Published
2020-07-16 23:21
Modified
2024-08-04 10:26
Severity ?
EPSS score ?
Summary
An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the "classic" UI.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 1.10.10 and below |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T10:26:16.269Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "1.10.10 and below", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the \"classic\" UI.", }, ], problemTypes: [ { descriptions: [ { description: "Stored XSS", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-16T23:21:35", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2020-9485", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Airflow", version: { version_data: [ { version_value: "1.10.10 and below", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the \"classic\" UI.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Stored XSS", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2020-9485", datePublished: "2020-07-16T23:21:35", dateReserved: "2020-03-01T00:00:00", dateUpdated: "2024-08-04T10:26:16.269Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-42792
Vulnerability from cvelistv5
Published
2023-10-14 09:47
Modified
2025-02-13 17:09
Severity ?
EPSS score ?
Summary
Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.
Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:30:24.713Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/34366", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/1spbo9nkn49fc2hnxqm9tf6mgqwp9tjq", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/12/21/1", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-42792", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-17T15:25:27.486870Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-17T15:25:41.620Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://pypi.python.org/", defaultStatus: "unaffected", packageName: "apache-airflow", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.7.2", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "balis0ng", }, { lang: "en", type: "remediation developer", value: "Jarek Potiuk", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.<br><br>Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.<br>", }, ], value: "Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.\n\nUsers of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.", }, ], metrics: [ { other: { content: { text: "moderate", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-668", description: "CWE-668 Exposure of Resource to Wrong Sphere", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-21T15:06:23.601Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/34366", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/1spbo9nkn49fc2hnxqm9tf6mgqwp9tjq", }, { url: "http://www.openwall.com/lists/oss-security/2023/12/21/1", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: Improper access control to DAG resources", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-42792", datePublished: "2023-10-14T09:47:07.741Z", dateReserved: "2023-09-14T09:32:21.441Z", dateUpdated: "2025-02-13T17:09:43.150Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-39508
Vulnerability from cvelistv5
Published
2023-08-05 06:47
Modified
2025-02-13 17:03
Severity ?
EPSS score ?
Summary
Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0
This issue affects Apache Airflow: before 2.6.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:10:21.246Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/29706", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/j2nkjd0zqvtqk85s6ywpx3c35pvzyx15", }, { tags: [ "x_transferred", ], url: "http://seclists.org/fulldisclosure/2023/Jul/43", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "airflow", vendor: "apache", versions: [ { lessThan: "2.6.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-39508", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-02T16:18:16.065665Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-02T16:21:24.955Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.6.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "balis0ng", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.<p>The \"Run Task\" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The \"Run Task\" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0<br></p><p>This issue affects Apache Airflow: before 2.6.0.</p>", }, ], value: "Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The \"Run Task\" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The \"Run Task\" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0\n\nThis issue affects Apache Airflow: before 2.6.0.", }, ], metrics: [ { other: { content: { text: "moderate", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-250", description: "CWE-250: Execution with Unnecessary Privileges", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-200", description: "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-05T06:50:06.031Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/29706", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/j2nkjd0zqvtqk85s6ywpx3c35pvzyx15", }, { url: "http://seclists.org/fulldisclosure/2023/Jul/43", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: Airflow \"Run task\" feature allows execution with unnecessary priviledges", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-39508", datePublished: "2023-08-05T06:47:14.951Z", dateReserved: "2023-08-03T08:34:33.364Z", dateUpdated: "2025-02-13T17:03:08.290Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-40611
Vulnerability from cvelistv5
Published
2023-09-12 11:05
Modified
2025-02-13 17:08
Severity ?
EPSS score ?
Summary
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.
Users should upgrade to version 2.7.1 or later which has removed the vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:38:50.988Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/33413", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/8y9xk1s3j4qr36yzqn8ogbn9fl7pxrn0", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/11/12/1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.7.1", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "happyhacking", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.<br><br>Users should upgrade to version 2.7.1 or later which has removed the vulnerability.<br>", }, ], value: "Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.\n\nUsers should upgrade to version 2.7.1 or later which has removed the vulnerability.", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-12T15:06:15.442Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/33413", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/8y9xk1s3j4qr36yzqn8ogbn9fl7pxrn0", }, { url: "http://www.openwall.com/lists/oss-security/2023/11/12/1", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow Dag Runs Broken Access Control Vulnerability", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-40611", datePublished: "2023-09-12T11:05:22.841Z", dateReserved: "2023-08-17T14:01:13.240Z", dateUpdated: "2025-02-13T17:08:37.258Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-38170
Vulnerability from cvelistv5
Published
2022-09-02 07:10
Modified
2024-08-03 10:45
Severity ?
EPSS score ?
Summary
In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/zn8mbbb1j2od5nc9zhrvb7rpsrg1vvzv | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2022/09/02/3 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2022/09/02/12 | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2022/09/21/2 | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: Apache Airflow < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T10:45:52.810Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread/zn8mbbb1j2od5nc9zhrvb7rpsrg1vvzv", }, { name: "[oss-security] 20220902 CVE-2022-38170: Apache Airflow: Overly permissive umask for deamons", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/09/02/3", }, { name: "[oss-security] 20220902 Re: CVE-2022-38170: Apache Airflow: Overly permissive umask for deamons", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/09/02/12", }, { name: "[oss-security] 20220920 Re: CVE-2022-38170: Apache Airflow: Overly permissive umask for deamons", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/09/21/2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "2.3.3", status: "affected", version: "Apache Airflow", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "The Apache Airflow PMC would like to thank Harry Sintonen for reporting this issue.", }, ], descriptions: [ { lang: "en", value: "In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver.", }, ], problemTypes: [ { descriptions: [ { description: "Overly permissive umask for deamons", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-21T11:06:07", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread/zn8mbbb1j2od5nc9zhrvb7rpsrg1vvzv", }, { name: "[oss-security] 20220902 CVE-2022-38170: Apache Airflow: Overly permissive umask for deamons", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/09/02/3", }, { name: "[oss-security] 20220902 Re: CVE-2022-38170: Apache Airflow: Overly permissive umask for deamons", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/09/02/12", }, { name: "[oss-security] 20220920 Re: CVE-2022-38170: Apache Airflow: Overly permissive umask for deamons", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2022/09/21/2", }, ], source: { discovery: "UNKNOWN", }, title: "Overly permissive umask for daemons", workarounds: [ { lang: "en", value: "Run without the `--daemon` flag via a process supervisor instead (systemd, runit, etc.).", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2022-38170", STATE: "PUBLIC", TITLE: "Overly permissive umask for daemons", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Airflow", version: { version_data: [ { version_affected: "<=", version_name: "Apache Airflow", version_value: "2.3.3", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "The Apache Airflow PMC would like to thank Harry Sintonen for reporting this issue.", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ {}, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Overly permissive umask for deamons", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread/zn8mbbb1j2od5nc9zhrvb7rpsrg1vvzv", refsource: "MISC", url: "https://lists.apache.org/thread/zn8mbbb1j2od5nc9zhrvb7rpsrg1vvzv", }, { name: "[oss-security] 20220902 CVE-2022-38170: Apache Airflow: Overly permissive umask for deamons", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/09/02/3", }, { name: "[oss-security] 20220902 Re: CVE-2022-38170: Apache Airflow: Overly permissive umask for deamons", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/09/02/12", }, { name: "[oss-security] 20220920 Re: CVE-2022-38170: Apache Airflow: Overly permissive umask for deamons", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2022/09/21/2", }, ], }, source: { discovery: "UNKNOWN", }, work_around: [ { lang: "en", value: "Run without the `--daemon` flag via a process supervisor instead (systemd, runit, etc.).", }, ], }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-38170", datePublished: "2022-09-02T07:10:21", dateReserved: "2022-08-11T00:00:00", dateUpdated: "2024-08-03T10:45:52.810Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-40127
Vulnerability from cvelistv5
Published
2022-11-14 00:00
Modified
2025-04-30 18:58
Severity ?
EPSS score ?
Summary
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: Apache Airflow < 2.4.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:14:39.589Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/apache/airflow/pull/25960", }, { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread/cf132hgm6jvzvsbpsozl3plf1r4cwysy", }, { name: "[oss-security] 20221113 CVE-2022-40127: RCE in Apache Airflow <2.4.0 bash example", tags: [ "mailing-list", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2022/11/14/2", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-40127", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-04-30T18:58:19.200830Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-30T18:58:45.160Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.4.0", status: "affected", version: "Apache Airflow", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Apache Airflow PMC would like to thank L3yx of Syclover Security Team.", }, ], descriptions: [ { lang: "en", value: "A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.", }, ], metrics: [ { other: { content: { other: "low", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-14T00:00:00.000Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { url: "https://github.com/apache/airflow/pull/25960", }, { url: "https://lists.apache.org/thread/cf132hgm6jvzvsbpsozl3plf1r4cwysy", }, { name: "[oss-security] 20221113 CVE-2022-40127: RCE in Apache Airflow <2.4.0 bash example", tags: [ "mailing-list", ], url: "http://www.openwall.com/lists/oss-security/2022/11/14/2", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow <2.4.0 has an RCE in a bash example", workarounds: [ { lang: "en", value: "Do not enable example dags on systems that should not allow UI user to execute an arbitrary command.", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-40127", datePublished: "2022-11-14T00:00:00.000Z", dateReserved: "2022-09-06T00:00:00.000Z", dateUpdated: "2025-04-30T18:58:45.160Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-43982
Vulnerability from cvelistv5
Published
2022-11-02 00:00
Modified
2024-08-03 13:47
Severity ?
EPSS score ?
Summary
In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: unspecified < 2.4.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:47:04.602Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/apache/airflow/pull/27143", }, { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread/vqnvdrfsw9z7v7c46qh3psjgr7wy959l", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.4.2", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "The Apache Airflow PMC would like to thank id_No2015429 of 3H Security Team for reporting this issue.", }, ], descriptions: [ { lang: "en", value: "In Apache Airflow versions prior to 2.4.2, the \"Trigger DAG with config\" screen was susceptible to XSS attacks via the `origin` query argument.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-02T00:00:00", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { url: "https://github.com/apache/airflow/pull/27143", }, { url: "https://lists.apache.org/thread/vqnvdrfsw9z7v7c46qh3psjgr7wy959l", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow prior to 2.4.2 allows reflected XSS via Origin Query Argument in URL", x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-43982", datePublished: "2022-11-02T00:00:00", dateReserved: "2022-10-28T00:00:00", dateUpdated: "2024-08-03T13:47:04.602Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-11978
Vulnerability from cvelistv5
Published
2020-07-16 00:00
Modified
2025-02-06 20:54
Severity ?
EPSS score ?
Summary
An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 1.10.10 and below |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:48:58.274Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/162908/Apache-Airflow-1.10.10-Remote-Code-Execution.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/174764/Apache-Airflow-1.10.10-Remote-Code-Execution.html", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2020-11978", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-06T20:53:53.819046Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-01-18", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-11978", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-06T20:54:01.080Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "1.10.10 and below", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-19T17:06:16.877Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { url: "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", }, { url: "http://packetstormsecurity.com/files/162908/Apache-Airflow-1.10.10-Remote-Code-Execution.html", }, { url: "http://packetstormsecurity.com/files/174764/Apache-Airflow-1.10.10-Remote-Code-Execution.html", }, ], }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2020-11978", datePublished: "2020-07-16T00:00:00.000Z", dateReserved: "2020-04-21T00:00:00.000Z", dateUpdated: "2025-02-06T20:54:01.080Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-42781
Vulnerability from cvelistv5
Published
2023-11-12 13:14
Modified
2025-02-13 17:09
Severity ?
EPSS score ?
Summary
Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome.
Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:30:24.179Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/34939", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/7dnl8nszdxqyns57f3dw0sloy5dfl9o1", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/11/12/2", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-42781", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-03T15:20:08.869571Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-03T15:22:21.819Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.7.3", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "balis0ng", }, { lang: "en", type: "remediation developer", value: "Hussein Awala", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome.<br>Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability.", }, ], value: "Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome.\nUsers of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability.", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-12T13:15:07.114Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/34939", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/7dnl8nszdxqyns57f3dw0sloy5dfl9o1", }, { url: "http://www.openwall.com/lists/oss-security/2023/11/12/2", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: Permission verification bypass allows viewing dagruns of other dags", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-42781", datePublished: "2023-11-12T13:14:09.700Z", dateReserved: "2023-09-14T07:01:50.218Z", dateUpdated: "2025-02-13T17:09:41.138Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36543
Vulnerability from cvelistv5
Published
2023-07-12 09:17
Modified
2024-10-04 13:47
Severity ?
EPSS score ?
Summary
Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apache/airflow/pull/32060 | patch | |
| https://lists.apache.org/thread/tokfs980504ylgk3cv3hjlnrtbv4tng4 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:52:53.133Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/32060", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/tokfs980504ylgk3cv3hjlnrtbv4tng4", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36543", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-04T13:45:53.756616Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-04T13:47:18.046Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.6.3", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "National Cyber Security VietNam (NCS VietNam)", }, { lang: "en", type: "finder", value: "hungtd", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected", }, ], value: "Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1333", description: "CWE-1333 Inefficient Regular Expression Complexity", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-21T10:49:46.622Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/32060", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/tokfs980504ylgk3cv3hjlnrtbv4tng4", }, ], source: { discovery: "EXTERNAL", }, title: "Apache Airflow: ReDoS via dags function", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-36543", datePublished: "2023-07-12T09:17:33.707Z", dateReserved: "2023-06-23T00:31:48.279Z", dateUpdated: "2024-10-04T13:47:18.046Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-25754
Vulnerability from cvelistv5
Published
2023-05-08 11:57
Modified
2025-02-13 16:44
Severity ?
EPSS score ?
Summary
Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:32:12.455Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/29506", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/3y83gr0qb8t49ppfk4fb2yk7md8ltq4v", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/05/08/2", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "airflow", vendor: "apache", versions: [ { lessThan: "2.6.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-25754", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-10T19:27:15.556791Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-10T19:30:23.409Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.6.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "ksw9722@naver.com", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.<p>This issue affects Apache Airflow: before 2.6.0.</p>", }, ], value: "Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0.", }, ], metrics: [ { other: { content: { text: "moderate", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-270", description: "CWE-270 Privilege Context Switching Error", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-08T12:00:11.232Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/29506", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/3y83gr0qb8t49ppfk4fb2yk7md8ltq4v", }, { url: "http://www.openwall.com/lists/oss-security/2023/05/08/2", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: Privilege escalation using airflow logs", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-25754", datePublished: "2023-05-08T11:57:45.144Z", dateReserved: "2023-02-13T14:49:15.008Z", dateUpdated: "2025-02-13T16:44:37.529Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41131
Vulnerability from cvelistv5
Published
2022-11-22 00:00
Modified
2025-04-29 15:11
Severity ?
EPSS score ?
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed).
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Airflow Hive Provider |
Version: unspecified < 4.1.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:35:49.376Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/apache/airflow/pull/27647", }, { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-41131", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-04-29T15:11:00.216562Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-29T15:11:16.156Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Apache Airflow Hive Provider", vendor: "Apache Software Foundation", versions: [ { lessThan: "4.1.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "2.3.0", }, ], }, ], credits: [ { lang: "en", value: "Apache Airflow PMC wants to thank id_No2015429 of 3H Security Team for reporting the issue.", }, ], descriptions: [ { lang: "en", value: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed).", }, ], metrics: [ { other: { content: { other: "moderate", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-22T00:00:00.000Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { url: "https://github.com/apache/airflow/pull/27647", }, { url: "https://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow Hive Provider vulnerability (command injection via hive_cli connection)", x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-41131", datePublished: "2022-11-22T00:00:00.000Z", dateReserved: "2022-09-19T00:00:00.000Z", dateUpdated: "2025-04-29T15:11:16.156Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-47037
Vulnerability from cvelistv5
Published
2023-11-12 13:12
Modified
2025-02-13 17:14
Severity ?
EPSS score ?
Summary
We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then.
Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.
Users should upgrade to version 2.7.3 or later which has removed the vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T21:01:22.230Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/33413", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/11/12/1", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-47037", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-03T15:19:46.132761Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-03T15:23:17.353Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://pypi.python.org", defaultStatus: "unaffected", packageName: "apache-airflow", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.7.3", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "Tareq Ahamed from Hackerone", }, { lang: "en", type: "remediation developer", value: "Augusto Hidalgo", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p><span style=\"background-color: rgb(255, 255, 255);\">We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then. </span></p><p><span style=\"background-color: rgb(255, 255, 255);\">Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. </span></p><p><span style=\"background-color: rgb(255, 255, 255);\">Users should upgrade to version 2.7.3 or later which has removed the vulnerability.</span><br></p><br><br>", }, ], value: "We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then. \n\nApache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. \n\nUsers should upgrade to version 2.7.3 or later which has removed the vulnerability.", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-863", description: "CWE-863 Incorrect Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-12T13:15:08.897Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/33413", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0", }, { url: "http://www.openwall.com/lists/oss-security/2023/11/12/1", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow missing fix for CVE-2023-40611 in 2.7.1 (DAG run broken access)", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-47037", datePublished: "2023-11-12T13:12:23.137Z", dateReserved: "2023-10-30T10:10:48.025Z", dateUpdated: "2025-02-13T17:14:45.806Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-38540
Vulnerability from cvelistv5
Published
2021-09-09 15:05
Modified
2024-08-04 01:44
Severity ?
EPSS score ?
Summary
The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution. This issue affects Apache Airflow >=2.0.0, <2.1.3.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: Apache Airflow < 2.1.3 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T01:44:23.448Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/rb34c3dd1a815456355217eef34060789f771b6f77c3a3dec77de2064%40%3Cusers.airflow.apache.org%3E", }, { name: "[announce] 20210909 CVE-2021-38540: Apache Airflow: Variable Import endpoint missed authentication check", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rac2ed9118f64733e47b4f1e82ddc8c8020774698f13328ca742b03a2%40%3Cannounce.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.1.3", status: "affected", version: "Apache Airflow ", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Apache Airflow would like to thank Nathan Jones, National Australia Bank’s Offensive Security Team", }, ], descriptions: [ { lang: "en", value: "The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution. This issue affects Apache Airflow >=2.0.0, <2.1.3.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-09-09T19:06:12", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/rb34c3dd1a815456355217eef34060789f771b6f77c3a3dec77de2064%40%3Cusers.airflow.apache.org%3E", }, { name: "[announce] 20210909 CVE-2021-38540: Apache Airflow: Variable Import endpoint missed authentication check", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rac2ed9118f64733e47b4f1e82ddc8c8020774698f13328ca742b03a2%40%3Cannounce.apache.org%3E", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: Variable Import endpoint missed authentication check", workarounds: [ { lang: "en", value: "Upgrade to Apache Airflow >=2.1.3", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2021-38540", STATE: "PUBLIC", TITLE: "Apache Airflow: Variable Import endpoint missed authentication check", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Airflow", version: { version_data: [ { version_affected: "<", version_name: "Apache Airflow ", version_value: "2.1.3", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "Apache Airflow would like to thank Nathan Jones, National Australia Bank’s Offensive Security Team", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution. This issue affects Apache Airflow >=2.0.0, <2.1.3.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ {}, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-269 Improper Privilege Management", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/rb34c3dd1a815456355217eef34060789f771b6f77c3a3dec77de2064%40%3Cusers.airflow.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/rb34c3dd1a815456355217eef34060789f771b6f77c3a3dec77de2064%40%3Cusers.airflow.apache.org%3E", }, { name: "[announce] 20210909 CVE-2021-38540: Apache Airflow: Variable Import endpoint missed authentication check", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rac2ed9118f64733e47b4f1e82ddc8c8020774698f13328ca742b03a2@%3Cannounce.apache.org%3E", }, ], }, source: { discovery: "UNKNOWN", }, work_around: [ { lang: "en", value: "Upgrade to Apache Airflow >=2.1.3", }, ], }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2021-38540", datePublished: "2021-09-09T15:05:09", dateReserved: "2021-08-11T00:00:00", dateUpdated: "2024-08-04T01:44:23.448Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-42447
Vulnerability from cvelistv5
Published
2024-08-05 08:02
Modified
2025-03-19 14:39
Severity ?
EPSS score ?
Summary
Insufficient Session Expiration vulnerability in Apache Airflow Providers FAB.
This issue affects Apache Airflow Providers FAB: 1.2.1 (when used with Apache Airflow 2.9.3) and FAB 1.2.0 for all Airflow versions. The FAB provider prevented the user from logging out.
* FAB provider 1.2.1 only affected Airflow 2.9.3 (earlier and later versions of Airflow are not affected)
* FAB provider 1.2.0 affected all versions of Airflow.
Users who run Apache Airflow 2.9.3 are recommended to upgrade to Apache Airflow Providers FAB version 1.2.2 which fixes the issue.
Users who run Any Apache Airflow version and have FAB provider 1.2.0 are recommended to upgrade to Apache Airflow Providers FAB version 1.2.2 which fixes the issue.
Also upgrading Apache Airflow to latest version available is recommended.
Note: Early version of Airflow reference container images of Airflow 2.9.3 and constraint files contained FAB provider 1.2.1 version, but this is fixed in updated versions of the images.
Users are advised to pull the latest Airflow images or reinstall FAB provider according to the current constraints.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apache/airflow/pull/40784 | patch | |
| https://lists.apache.org/thread/2zoo8cjlwfjhbfdxfgltcm0hnc0qmc52 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow Providers FAB |
Version: 1.2.0 ≤ 1.2.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T08:03:26.302Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "http://www.openwall.com/lists/oss-security/2024/08/04/2", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-42447", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-19T14:38:49.072024Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-19T14:39:15.524Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://pypi.org/project/apache-airflow-providers-fab/", defaultStatus: "unaffected", packageName: "apache-airflow-providers-fab", product: "Apache Airflow Providers FAB", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "1.2.1", status: "affected", version: "1.2.0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Insufficient Session Expiration vulnerability in Apache Airflow Providers FAB.</p><p>This issue affects Apache Airflow Providers FAB: 1.2.1 (when used with Apache Airflow 2.9.3) and FAB 1.2.0 for all Airflow versions. The FAB provider prevented the user from logging out. </p><p>* FAB provider 1.2.1 only affected Airflow 2.9.3 (earlier and later versions of Airflow are not affected)</p><p>* FAB provider 1.2.0 affected all versions of Airflow.<br></p><p><span style=\"background-color: var(--wht);\">Users who run Apache Airflow 2.9.3 are recommended to upgrade to Apache Airflow Providers FAB version 1.2.2 which fixes the issue.</span><br></p><p>Users who run Any Apache Airflow version and have FAB provider 1.2.0 are recommended to upgrade to Apache Airflow Providers FAB version 1.2.2 which fixes the issue.</p>Also upgrading Apache Airflow to latest version available is recommended.<br><br><p>Note: Early version of Airflow reference container images of Airflow 2.9.3 and constraint files contained FAB provider 1.2.1 version, but this is fixed in updated versions of the images. </p><p>Users are advised to pull the latest Airflow images or reinstall FAB provider according to the current constraints.</p><br>", }, ], value: "Insufficient Session Expiration vulnerability in Apache Airflow Providers FAB.\n\nThis issue affects Apache Airflow Providers FAB: 1.2.1 (when used with Apache Airflow 2.9.3) and FAB 1.2.0 for all Airflow versions. The FAB provider prevented the user from logging out. \n\n* FAB provider 1.2.1 only affected Airflow 2.9.3 (earlier and later versions of Airflow are not affected)\n\n* FAB provider 1.2.0 affected all versions of Airflow.\n\nUsers who run Apache Airflow 2.9.3 are recommended to upgrade to Apache Airflow Providers FAB version 1.2.2 which fixes the issue.\n\nUsers who run Any Apache Airflow version and have FAB provider 1.2.0 are recommended to upgrade to Apache Airflow Providers FAB version 1.2.2 which fixes the issue.\n\nAlso upgrading Apache Airflow to latest version available is recommended.\n\nNote: Early version of Airflow reference container images of Airflow 2.9.3 and constraint files contained FAB provider 1.2.1 version, but this is fixed in updated versions of the images. \n\nUsers are advised to pull the latest Airflow images or reinstall FAB provider according to the current constraints.", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-613", description: "CWE-613: Insufficient Session Expiration", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-05T08:02:31.921Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/40784", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/2zoo8cjlwfjhbfdxfgltcm0hnc0qmc52", }, ], source: { discovery: "EXTERNAL", }, title: "Apache Airflow Providers FAB: FAB provider 1.2.1 and 1.2.0 did not let user to logout for Airflow", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2024-42447", datePublished: "2024-08-05T08:02:31.921Z", dateReserved: "2024-08-02T00:03:35.191Z", dateUpdated: "2025-03-19T14:39:15.524Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12398
Vulnerability from cvelistv5
Published
2020-01-14 16:28
Modified
2024-08-04 23:17
Severity ?
EPSS score ?
Summary
In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b%40%3Cdev.airflow.apache.org%3E | mailing-list, x_refsource_MLIST | |
| http://www.openwall.com/lists/oss-security/2020/01/14/2 | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b%40%3Cusers.airflow.apache.org%3E | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:17:40.125Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[airflow-dev] 20200114 [CVE-2019-12398] Apache Airflow Stored XSS vulnerability in classic UI", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b%40%3Cdev.airflow.apache.org%3E", }, { name: "[oss-security] 20200114 [CVE-2019-12398] Apache Airflow Stored XSS vulnerability in classic UI", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2020/01/14/2", }, { name: "[airflow-users] 20200114 [CVE-2019-12398] Apache Airflow Stored XSS vulnerability in classic UI", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b%40%3Cusers.airflow.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Airflow", vendor: "Apache", versions: [ { status: "affected", version: "Apache Airflow <= 1.10.4", }, ], }, ], descriptions: [ { lang: "en", value: "In Apache Airflow before 1.10.5 when running with the \"classic\" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new \"RBAC\" UI is unaffected.", }, ], problemTypes: [ { descriptions: [ { description: "Stored XSS", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-01-14T16:28:56", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { name: "[airflow-dev] 20200114 [CVE-2019-12398] Apache Airflow Stored XSS vulnerability in classic UI", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b%40%3Cdev.airflow.apache.org%3E", }, { name: "[oss-security] 20200114 [CVE-2019-12398] Apache Airflow Stored XSS vulnerability in classic UI", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2020/01/14/2", }, { name: "[airflow-users] 20200114 [CVE-2019-12398] Apache Airflow Stored XSS vulnerability in classic UI", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b%40%3Cusers.airflow.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2019-12398", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Airflow", version: { version_data: [ { version_value: "Apache Airflow <= 1.10.4", }, ], }, }, ], }, vendor_name: "Apache", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Apache Airflow before 1.10.5 when running with the \"classic\" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new \"RBAC\" UI is unaffected.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Stored XSS", }, ], }, ], }, references: { reference_data: [ { name: "[airflow-dev] 20200114 [CVE-2019-12398] Apache Airflow Stored XSS vulnerability in classic UI", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b@%3Cdev.airflow.apache.org%3E", }, { name: "[oss-security] 20200114 [CVE-2019-12398] Apache Airflow Stored XSS vulnerability in classic UI", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2020/01/14/2", }, { name: "[airflow-users] 20200114 [CVE-2019-12398] Apache Airflow Stored XSS vulnerability in classic UI", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b%40%3Cusers.airflow.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2019-12398", datePublished: "2020-01-14T16:28:35", dateReserved: "2019-05-28T00:00:00", dateUpdated: "2024-08-04T23:17:40.125Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-26559
Vulnerability from cvelistv5
Published
2021-02-17 14:15
Modified
2025-02-13 16:27
Severity ?
EPSS score ?
Summary
Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread.html/r3b3787700279ec361308cbefb7c2cce2acb26891a12ce864e4a13c8d%40%3Cusers.airflow.apache.org%3E | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2021/02/17/1 | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/rd142565996d7ee847b9c14b8a9921dcf80bc6bc160e3d9dca6dfc2f8%40%3Cannounce.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: Apache Airflow 2.0.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:26:25.506Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/r3b3787700279ec361308cbefb7c2cce2acb26891a12ce864e4a13c8d%40%3Cusers.airflow.apache.org%3E", }, { name: "[oss-security] 20210217 CVE-2021-26559: Apache Airflow 2.0.0: CWE-284 Improper Access Control on Configurations Endpoint for the Stable API", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/02/17/1", }, { name: "[announce] 20210217 CVE-2021-26559: Apache Airflow: CWE-284 Privilege Escalation Attack", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/rd142565996d7ee847b9c14b8a9921dcf80bc6bc160e3d9dca6dfc2f8%40%3Cannounce.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "Apache Airflow 2.0.0", }, ], }, ], credits: [ { lang: "en", value: "Apache Airflow would like to thank Ian Carroll for reporting this issue.", }, ], descriptions: [ { lang: "en", value: "Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control on Configurations Endpoint for the Stable API", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-03T20:28:08.000Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/r3b3787700279ec361308cbefb7c2cce2acb26891a12ce864e4a13c8d%40%3Cusers.airflow.apache.org%3E", }, { name: "[oss-security] 20210217 CVE-2021-26559: Apache Airflow 2.0.0: CWE-284 Improper Access Control on Configurations Endpoint for the Stable API", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/02/17/1", }, { name: "[announce] 20210217 CVE-2021-26559: Apache Airflow: CWE-284 Privilege Escalation Attack", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/rd142565996d7ee847b9c14b8a9921dcf80bc6bc160e3d9dca6dfc2f8%40%3Cannounce.apache.org%3E", }, ], source: { discovery: "UNKNOWN", }, title: "CWE-284 Improper Access Control on Configurations Endpoint for the Stable API", workarounds: [ { lang: "en", value: "Upgrade to Airflow 2.0.1 or remove `can read on Configurations` permission from the roles like Viewer and Users if you want to restrict users with those roles to view configurations in 2.0.0.", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2021-26559", STATE: "PUBLIC", TITLE: "CWE-284 Improper Access Control on Configurations Endpoint for the Stable API", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Airflow", version: { version_data: [ { version_affected: "=", version_name: "Apache Airflow", version_value: "2.0.0", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "Apache Airflow would like to thank Ian Carroll for reporting this issue.", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-284 Improper Access Control on Configurations Endpoint for the Stable API", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/r3b3787700279ec361308cbefb7c2cce2acb26891a12ce864e4a13c8d%40%3Cusers.airflow.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/r3b3787700279ec361308cbefb7c2cce2acb26891a12ce864e4a13c8d%40%3Cusers.airflow.apache.org%3E", }, { name: "[oss-security] 20210217 CVE-2021-26559: Apache Airflow 2.0.0: CWE-284 Improper Access Control on Configurations Endpoint for the Stable API", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/02/17/1", }, { name: "[announce] 20210217 CVE-2021-26559: Apache Airflow: CWE-284 Privilege Escalation Attack", refsource: "MLIST", url: "https://lists.apache.org/thread.html/rd142565996d7ee847b9c14b8a9921dcf80bc6bc160e3d9dca6dfc2f8@%3Cannounce.apache.org%3E", }, ], }, source: { discovery: "UNKNOWN", }, work_around: [ { lang: "en", value: "Upgrade to Airflow 2.0.1 or remove `can read on Configurations` permission from the roles like Viewer and Users if you want to restrict users with those roles to view configurations in 2.0.0.", }, ], }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2021-26559", datePublished: "2021-02-17T14:15:14.000Z", dateReserved: "2021-02-02T00:00:00.000Z", dateUpdated: "2025-02-13T16:27:54.002Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39863
Vulnerability from cvelistv5
Published
2024-07-17 07:53
Modified
2024-09-13 17:05
Severity ?
EPSS score ?
Summary
Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apache/airflow/pull/40475 | patch | |
| https://lists.apache.org/thread/gxkvs279f1mbvckv5q65worr6how20o3 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 0 ≤ |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "airflow", vendor: "apache", versions: [ { lessThan: "2.9.3", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-39863", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-29T19:39:48.270556Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-29T19:40:05.275Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-09-13T17:05:03.928Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/40475", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/gxkvs279f1mbvckv5q65worr6how20o3", }, { url: "http://www.openwall.com/lists/oss-security/2024/07/16/6", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://pypi.python.org", defaultStatus: "unaffected", packageName: "apache-airflow", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.9.3", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Seokchan Yoon (https://github.com/ch4n3-yoon)", }, { lang: "en", type: "remediation developer", value: "Amogh Desai", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.<br>", }, ], value: "Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.\n", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-22T08:50:07.217Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/40475", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/gxkvs279f1mbvckv5q65worr6how20o3", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: Potential XSS Vulnerability", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2024-39863", datePublished: "2024-07-17T07:53:31.820Z", dateReserved: "2024-07-01T05:11:17.189Z", dateUpdated: "2024-09-13T17:05:03.928Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-50943
Vulnerability from cvelistv5
Published
2024-01-24 12:57
Modified
2025-02-13 17:19
Severity ?
EPSS score ?
Summary
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T22:23:43.928Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/36255", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/fx278v0twqzxkcts70tc04cp3f8p56pn", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/01/24/4", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://pypi.python.org", defaultStatus: "unaffected", packageName: "apache-airflow", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.8.1", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Peng Zhou (zpbrent@gmail.com)", }, { lang: "en", type: "remediation developer", value: "Hussein Awala", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of \"enable_xcom_pickling=False\" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue.<br>", }, ], value: "Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of \"enable_xcom_pickling=False\" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue.", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-24T13:00:09.773Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/36255", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/fx278v0twqzxkcts70tc04cp3f8p56pn", }, { url: "http://www.openwall.com/lists/oss-security/2024/01/24/4", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: Potential pickle deserialization vulnerability in XComs", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-50943", datePublished: "2024-01-24T12:57:07.287Z", dateReserved: "2023-12-16T16:02:36.817Z", dateUpdated: "2025-02-13T17:19:41.203Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-25142
Vulnerability from cvelistv5
Published
2024-06-14 08:25
Modified
2025-03-20 19:18
Severity ?
EPSS score ?
Summary
Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow.
Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser.
This issue affects Apache Airflow: before 2.9.2.
Users are recommended to upgrade to version 2.9.2, which fixes the issue.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apache/airflow/pull/39550 | patch | |
| https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 0 ≤ |
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-25142", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-14T18:05:59.532700Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-20T19:18:38.244Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-09-13T16:03:08.456Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/39550", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr", }, { url: "http://www.openwall.com/lists/oss-security/2024/06/13/1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://pypi.python.org", defaultStatus: "unaffected", packageName: "apache-airflow", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.9.2", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "Jens Scheffler", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. </p><p>Airflow did not return \"Cache-Control\" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser.</p><p>This issue affects Apache Airflow: before 2.9.2.</p><p>Users are recommended to upgrade to version 2.9.2, which fixes the issue.</p>", }, ], value: "Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. \n\nAirflow did not return \"Cache-Control\" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser.\n\nThis issue affects Apache Airflow: before 2.9.2.\n\nUsers are recommended to upgrade to version 2.9.2, which fixes the issue.\n\n", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-525", description: "CWE-525: Use of Web Browser Cache Containing Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-14T08:25:35.633Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/39550", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache ", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2024-25142", datePublished: "2024-06-14T08:25:35.633Z", dateReserved: "2024-02-06T09:11:20.044Z", dateUpdated: "2025-03-20T19:18:38.244Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-0229
Vulnerability from cvelistv5
Published
2019-04-10 19:51
Modified
2024-08-04 17:44
Severity ?
EPSS score ?
Summary
A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231%40%3Cdev.airflow.apache.org%3E | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2019/04/10/6 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/107869 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Apache Airflow |
Version: Apache Airflow <= 1.10.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:44:15.942Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231%40%3Cdev.airflow.apache.org%3E", }, { name: "[oss-security] 20190410 CVE-2019-0216, CVE-2019-0229 vulnerabilities affecting Apache Airflow <= 1.10.2 webserver component", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/04/10/6", }, { name: "107869", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/107869", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "n/a", versions: [ { status: "affected", version: "Apache Airflow <= 1.10.2", }, ], }, ], datePublic: "2019-04-10T00:00:00", descriptions: [ { lang: "en", value: "A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks.", }, ], problemTypes: [ { descriptions: [ { description: "CSRF", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-04-11T16:06:04", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231%40%3Cdev.airflow.apache.org%3E", }, { name: "[oss-security] 20190410 CVE-2019-0216, CVE-2019-0229 vulnerabilities affecting Apache Airflow <= 1.10.2 webserver component", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2019/04/10/6", }, { name: "107869", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/107869", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2019-0229", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Airflow", version: { version_data: [ { version_value: "Apache Airflow <= 1.10.2", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CSRF", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231@%3Cdev.airflow.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231@%3Cdev.airflow.apache.org%3E", }, { name: "[oss-security] 20190410 CVE-2019-0216, CVE-2019-0229 vulnerabilities affecting Apache Airflow <= 1.10.2 webserver component", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2019/04/10/6", }, { name: "107869", refsource: "BID", url: "http://www.securityfocus.com/bid/107869", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2019-0229", datePublished: "2019-04-10T19:51:13", dateReserved: "2018-11-14T00:00:00", dateUpdated: "2024-08-04T17:44:15.942Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28746
Vulnerability from cvelistv5
Published
2024-03-14 08:41
Modified
2025-03-20 19:04
Severity ?
EPSS score ?
Summary
Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access.
Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 2.8.0 ≤ |
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-28746", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-03-15T16:26:13.987222Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-20T19:04:18.928Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:56:58.123Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/37881", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/b4pffc7w7do6qgk4jjbyxvdz5odrvny7", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/03/13/5", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://pypi.python.org", defaultStatus: "unaffected", packageName: "apache-airflow", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.8.3", status: "affected", version: "2.8.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Alex Liotta", }, { lang: "en", type: "remediation developer", value: "Vincent(Vincbeck)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access. <br><br>Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability<br>", }, ], value: "Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access. \n\nUsers of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability", }, ], metrics: [ { other: { content: { text: "moderate", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-281", description: "CWE-281 Improper Preservation of Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-01T19:07:36.723Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/37881", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/b4pffc7w7do6qgk4jjbyxvdz5odrvny7", }, { url: "http://www.openwall.com/lists/oss-security/2024/03/13/5", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: Ignored Airflow Permissions", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2024-28746", datePublished: "2024-03-14T08:41:03.928Z", dateReserved: "2024-03-08T08:28:25.706Z", dateUpdated: "2025-03-20T19:04:18.928Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-40712
Vulnerability from cvelistv5
Published
2023-09-12 11:05
Modified
2024-09-25 15:23
Severity ?
EPSS score ?
Summary
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI.
Users are strongly advised to upgrade to version 2.7.1 or later which has removed the vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:38:51.164Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/33512", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/33516", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/jw1yv4lt6hpowqbb0x4o3tdp0jhx2bts", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-40712", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-25T15:02:02.022379Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-25T15:23:45.803Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.7.1", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "klexadoc", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI.<br><br>Users are strongly advised to upgrade to version 2.7.1 or later which has removed the vulnerability.", }, ], value: "Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI.\n\nUsers are strongly advised to upgrade to version 2.7.1 or later which has removed the vulnerability.", }, ], metrics: [ { other: { content: { text: "moderate", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-12T11:05:48.763Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/33512", }, { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/33516", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/jw1yv4lt6hpowqbb0x4o3tdp0jhx2bts", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: Secrets can be unmasked in the \"Rendered Template\" ", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-40712", datePublished: "2023-09-12T11:05:48.763Z", dateReserved: "2023-08-20T19:29:57.254Z", dateUpdated: "2024-09-25T15:23:45.803Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-12614
Vulnerability from cvelistv5
Published
2018-08-06 13:00
Modified
2024-09-16 21:57
Severity ?
EPSS score ?
Summary
It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread.html/2c72480c76619c5e7793f0d213c34082f0598eaa4d212172f068940f%40%3Cdev.airflow.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: < 1.9.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T18:43:56.417Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[dev] 20180806 CVE-2017-12614 XSS Vulnerability in Airflow < 1.9", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/2c72480c76619c5e7793f0d213c34082f0598eaa4d212172f068940f%40%3Cdev.airflow.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "< 1.9.0", }, ], }, ], datePublic: "2018-08-06T00:00:00", descriptions: [ { lang: "en", value: "It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above.", }, ], problemTypes: [ { descriptions: [ { description: "XSS Vulnerability", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-08-06T12:57:01", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { name: "[dev] 20180806 CVE-2017-12614 XSS Vulnerability in Airflow < 1.9", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/2c72480c76619c5e7793f0d213c34082f0598eaa4d212172f068940f%40%3Cdev.airflow.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", DATE_PUBLIC: "2018-08-06T00:00:00", ID: "CVE-2017-12614", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Airflow", version: { version_data: [ { version_value: "< 1.9.0", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "XSS Vulnerability", }, ], }, ], }, references: { reference_data: [ { name: "[dev] 20180806 CVE-2017-12614 XSS Vulnerability in Airflow < 1.9", refsource: "MLIST", url: "https://lists.apache.org/thread.html/2c72480c76619c5e7793f0d213c34082f0598eaa4d212172f068940f@%3Cdev.airflow.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2017-12614", datePublished: "2018-08-06T13:00:00Z", dateReserved: "2017-08-07T00:00:00", dateUpdated: "2024-09-16T21:57:17.157Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-26697
Vulnerability from cvelistv5
Published
2021-02-17 14:15
Modified
2025-02-13 16:27
Severity ?
EPSS score ?
Summary
The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can just get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519%40%3Cusers.airflow.apache.org%3E | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2021/02/17/2 | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519%40%3Cdev.airflow.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519%40%3Cusers.airflow.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/r36111262a59219a3e2704c71e97cf84937dae5ba7a1da99499e5d8f9%40%3Cannounce.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: Apache Airflow 2.0.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:33:40.321Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519%40%3Cusers.airflow.apache.org%3E", }, { name: "[oss-security] 20210217 CVE-2021-26697: Apache Airflow: Lineage API endpoint for Experimental API missed authentication check", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/02/17/2", }, { name: "[airflow-dev] 20210217 CVE-2021-26697: Apache Airflow: Lineage API endpoint for Experimental API missed authentication check", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519%40%3Cdev.airflow.apache.org%3E", }, { name: "[airflow-users] 20210217 CVE-2021-26697: Apache Airflow: Lineage API endpoint for Experimental API missed authentication check", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519%40%3Cusers.airflow.apache.org%3E", }, { name: "[announce] 20210217 CVE-2021-26697: Apache Airflow: Lineage API endpoint for Experimental API missed authentication check", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r36111262a59219a3e2704c71e97cf84937dae5ba7a1da99499e5d8f9%40%3Cannounce.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "Apache Airflow 2.0.0", }, ], }, ], credits: [ { lang: "en", value: "Apache Airflow would like to thank Ian Carroll for reporting this issue.", }, ], descriptions: [ { lang: "en", value: "The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can just get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-03T20:35:16.000Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519%40%3Cusers.airflow.apache.org%3E", }, { name: "[oss-security] 20210217 CVE-2021-26697: Apache Airflow: Lineage API endpoint for Experimental API missed authentication check", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/02/17/2", }, { name: "[airflow-dev] 20210217 CVE-2021-26697: Apache Airflow: Lineage API endpoint for Experimental API missed authentication check", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519%40%3Cdev.airflow.apache.org%3E", }, { name: "[airflow-users] 20210217 CVE-2021-26697: Apache Airflow: Lineage API endpoint for Experimental API missed authentication check", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519%40%3Cusers.airflow.apache.org%3E", }, { name: "[announce] 20210217 CVE-2021-26697: Apache Airflow: Lineage API endpoint for Experimental API missed authentication check", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r36111262a59219a3e2704c71e97cf84937dae5ba7a1da99499e5d8f9%40%3Cannounce.apache.org%3E", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: Lineage API endpoint for Experimental API missed authentication check", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2021-26697", STATE: "PUBLIC", TITLE: "Apache Airflow: Lineage API endpoint for Experimental API missed authentication check", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Airflow", version: { version_data: [ { version_affected: "=", version_name: "Apache Airflow", version_value: "2.0.0", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "Apache Airflow would like to thank Ian Carroll for reporting this issue.", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can just get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-269 Improper Privilege Management", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519%40%3Cusers.airflow.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519%40%3Cusers.airflow.apache.org%3E", }, { name: "[oss-security] 20210217 CVE-2021-26697: Apache Airflow: Lineage API endpoint for Experimental API missed authentication check", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/02/17/2", }, { name: "[airflow-dev] 20210217 CVE-2021-26697: Apache Airflow: Lineage API endpoint for Experimental API missed authentication check", refsource: "MLIST", url: "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519@%3Cdev.airflow.apache.org%3E", }, { name: "[airflow-users] 20210217 CVE-2021-26697: Apache Airflow: Lineage API endpoint for Experimental API missed authentication check", refsource: "MLIST", url: "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519@%3Cusers.airflow.apache.org%3E", }, { name: "[announce] 20210217 CVE-2021-26697: Apache Airflow: Lineage API endpoint for Experimental API missed authentication check", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r36111262a59219a3e2704c71e97cf84937dae5ba7a1da99499e5d8f9@%3Cannounce.apache.org%3E", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2021-26697", datePublished: "2021-02-17T14:15:15.000Z", dateReserved: "2021-02-04T00:00:00.000Z", dateUpdated: "2025-02-13T16:27:54.957Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-20245
Vulnerability from cvelistv5
Published
2019-01-23 17:00
Modified
2024-09-16 19:40
Severity ?
EPSS score ?
Summary
The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: Apache Airflow <= 1.10.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T11:58:18.762Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/b549c7573b342a6e457e5a3225c33054244343927bbfb2a4cdc4cf73%40%3Cdev.airflow.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "Apache Airflow <= 1.10.0", }, ], }, ], datePublic: "2019-01-08T00:00:00", descriptions: [ { lang: "en", value: "The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking.", }, ], problemTypes: [ { descriptions: [ { description: "Improper Certificate Validation", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-01-23T16:57:01", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/b549c7573b342a6e457e5a3225c33054244343927bbfb2a4cdc4cf73%40%3Cdev.airflow.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", DATE_PUBLIC: "2019-01-08T00:00:00", ID: "CVE-2018-20245", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Airflow", version: { version_data: [ { version_value: "Apache Airflow <= 1.10.0", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper Certificate Validation", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/b549c7573b342a6e457e5a3225c33054244343927bbfb2a4cdc4cf73@%3Cdev.airflow.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/b549c7573b342a6e457e5a3225c33054244343927bbfb2a4cdc4cf73@%3Cdev.airflow.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2018-20245", datePublished: "2019-01-23T17:00:00Z", dateReserved: "2018-12-19T00:00:00", dateUpdated: "2024-09-16T19:40:46.503Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-39441
Vulnerability from cvelistv5
Published
2023-08-23 15:39
Modified
2025-02-13 17:03
Severity ?
EPSS score ?
Summary
Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability.
The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position.
Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Airflow SMTP Provider |
Version: 0 ≤ |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:10:20.689Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/33075", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/33108", }, { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/33070", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/xzp4wgjg2b1o6ylk2595df8bstlbo1lb", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/08/23/2", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-39441", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T20:31:29.615848Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T20:31:38.779Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Airflow SMTP Provider", vendor: "Apache Software Foundation", versions: [ { lessThan: "1.30", status: "affected", version: "0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", product: "Apache Airflow IMAP Provider", vendor: "Apache Software Foundation", versions: [ { lessThan: "3.3.0", status: "affected", version: "0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.7.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Martin Schobert, Pentagrid AG", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">Apache Airflow SMTP Provider </span><span style=\"background-color: rgb(255, 255, 255);\">before 1.3.0</span><span style=\"background-color: rgb(255, 255, 255);\">, Apache Airflow IMAP Provider </span><span style=\"background-color: rgb(255, 255, 255);\">before 3.3.0, and</span><span style=\"background-color: rgb(255, 255, 255);\"> Apache Airflow </span><span style=\"background-color: rgb(255, 255, 255);\">before 2.7.0 are affected by the </span>Validation of OpenSSL Certificate vulnerability.<br><br><span style=\"background-color: rgb(255, 255, 255);\">The default SSL context with SSL library did not check a server's X.509 </span><span style=\"background-color: rgb(255, 255, 255);\">certificate. Instead, the code accepted any certificate, which could </span><span style=\"background-color: rgb(255, 255, 255);\">result in the disclosure of mail server credentials or mail contents </span><span style=\"background-color: rgb(255, 255, 255);\">when the client connects to an attacker in a MITM position.<br><br></span><span style=\"background-color: var(--wht);\">Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability</span>", }, ], value: "Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability.\n\nThe default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position.\n\nUsers are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability", }, ], metrics: [ { other: { content: { text: "moderate", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-295", description: "CWE-295 Improper Certificate Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-23T15:40:07.139Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/33075", }, { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/33108", }, { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/33070", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/xzp4wgjg2b1o6ylk2595df8bstlbo1lb", }, { url: "http://www.openwall.com/lists/oss-security/2023/08/23/2", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow SMTP Provider, Apache Airflow IMAP Provider, Apache Airflow: SMTP/IMAP client components allowed MITM due to missing Certificate Validation", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-39441", datePublished: "2023-08-23T15:39:51.632Z", dateReserved: "2023-08-02T12:26:27.028Z", dateUpdated: "2025-02-13T17:03:05.348Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-0216
Vulnerability from cvelistv5
Published
2019-04-10 19:52
Modified
2024-08-04 17:44
Severity ?
EPSS score ?
Summary
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231%40%3Cdev.airflow.apache.org%3E | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2019/04/10/6 | mailing-list, x_refsource_MLIST | |
| http://www.securityfocus.com/bid/107869 | vdb-entry, x_refsource_BID |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Apache Airflow |
Version: Apache Airflow <= 1.10.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:44:14.865Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231%40%3Cdev.airflow.apache.org%3E", }, { name: "[oss-security] 20190410 CVE-2019-0216, CVE-2019-0229 vulnerabilities affecting Apache Airflow <= 1.10.2 webserver component", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2019/04/10/6", }, { name: "107869", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/107869", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "n/a", versions: [ { status: "affected", version: "Apache Airflow <= 1.10.2", }, ], }, ], datePublic: "2019-04-10T00:00:00", descriptions: [ { lang: "en", value: "A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.", }, ], problemTypes: [ { descriptions: [ { description: "Stored XSS", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-04-11T16:06:04", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231%40%3Cdev.airflow.apache.org%3E", }, { name: "[oss-security] 20190410 CVE-2019-0216, CVE-2019-0229 vulnerabilities affecting Apache Airflow <= 1.10.2 webserver component", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2019/04/10/6", }, { name: "107869", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/107869", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2019-0216", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Airflow", version: { version_data: [ { version_value: "Apache Airflow <= 1.10.2", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Stored XSS", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231@%3Cdev.airflow.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231@%3Cdev.airflow.apache.org%3E", }, { name: "[oss-security] 20190410 CVE-2019-0216, CVE-2019-0229 vulnerabilities affecting Apache Airflow <= 1.10.2 webserver component", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2019/04/10/6", }, { name: "107869", refsource: "BID", url: "http://www.securityfocus.com/bid/107869", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2019-0216", datePublished: "2019-04-10T19:52:12", dateReserved: "2018-11-14T00:00:00", dateUpdated: "2024-08-04T17:44:14.865Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-11982
Vulnerability from cvelistv5
Published
2020-07-16 23:21
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 1.10.10 and below |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:48:57.514Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "1.10.10 and below", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-16T23:21:25", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2020-11982", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Airflow", version: { version_data: [ { version_value: "1.10.10 and below", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2020-11982", datePublished: "2020-07-16T23:21:25", dateReserved: "2020-04-21T00:00:00", dateUpdated: "2024-08-04T11:48:57.514Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-11983
Vulnerability from cvelistv5
Published
2020-07-16 23:21
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 1.10.10 and below |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:48:57.534Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "1.10.10 and below", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-16T23:21:30", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2020-11983", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Airflow", version: { version_data: [ { version_value: "1.10.10 and below", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2020-11983", datePublished: "2020-07-16T23:21:30", dateReserved: "2020-04-21T00:00:00", dateUpdated: "2024-08-04T11:48:57.534Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-32077
Vulnerability from cvelistv5
Published
2024-05-14 10:43
Modified
2025-03-27 19:28
Severity ?
EPSS score ?
Summary
Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs.
Users are recommended to upgrade to version 2.9.1, which fixes this issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 2.9.0 ≤ |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "airflow", vendor: "apache", versions: [ { status: "affected", version: "2.9.0", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-32077", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-14T18:35:34.470154Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-27T19:28:00.194Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:06:43.596Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/38882", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/gsjmnrqb3m5fzp0vgpty1jxcywo91v77", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/05/14/1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://pypi.python.org", defaultStatus: "unaffected", packageName: "apache-airflow", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.9.1", status: "affected", version: "2.9.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Ming", }, { lang: "en", type: "remediation developer", value: "Jens Scheffler", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. <br>Users are recommended to upgrade to version 2.9.1, which fixes this issue.<br>", }, ], value: "Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. \nUsers are recommended to upgrade to version 2.9.1, which fixes this issue.", }, ], metrics: [ { other: { content: { text: "moderate", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-10T17:09:03.874Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/38882", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/gsjmnrqb3m5fzp0vgpty1jxcywo91v77", }, { url: "http://www.openwall.com/lists/oss-security/2024/05/14/1", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: XSS vulnerability in Task Instance Log/Log Details", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2024-32077", datePublished: "2024-05-14T10:43:20.299Z", dateReserved: "2024-04-10T16:19:52.126Z", dateUpdated: "2025-03-27T19:28:00.194Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39877
Vulnerability from cvelistv5
Published
2024-07-17 07:54
Modified
2024-09-13 17:05
Severity ?
EPSS score ?
Summary
Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users should upgrade to version 2.9.3 or later which has removed the vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apache/airflow/pull/40522 | patch | |
| https://lists.apache.org/thread/1xhj9dkp37d6pzn24ll2mf94wbqnb2y1 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 2.4.0 ≤ |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:apache:airflow:2.4.0:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "airflow", vendor: "apache", versions: [ { lessThan: "2.9.3", status: "affected", version: "2.4.0", versionType: "semver", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-39877", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-18T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-277", description: "CWE-277 Insecure Inherited Permissions", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-02T03:55:22.200Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-09-13T17:05:04.979Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/40522", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/1xhj9dkp37d6pzn24ll2mf94wbqnb2y1", }, { url: "http://www.openwall.com/lists/oss-security/2024/07/16/7", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://pypi.python.org", defaultStatus: "unaffected", packageName: "apache-airflow", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.9.3", status: "affected", version: "2.4.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Seokchan Yoon (https://github.com/ch4n3-yoon)", }, { lang: "en", type: "remediation developer", value: "Wei Lee", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users should upgrade to version 2.9.3 or later which has removed the vulnerability.", }, ], value: "Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users should upgrade to version 2.9.3 or later which has removed the vulnerability.", }, ], metrics: [ { other: { content: { text: "important", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-17T07:54:24.338Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/40522", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/1xhj9dkp37d6pzn24ll2mf94wbqnb2y1", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2024-39877", datePublished: "2024-07-17T07:54:24.338Z", dateReserved: "2024-07-01T16:18:42.845Z", dateUpdated: "2024-09-13T17:05:04.979Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-25695
Vulnerability from cvelistv5
Published
2023-03-15 09:37
Modified
2025-02-13 14:29
Severity ?
EPSS score ?
Summary
Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apache/airflow/pull/29501 | patch | |
| https://lists.apache.org/thread/z8w6ckzs61ql365tv4d19k82o67r15p2 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T11:25:19.290Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/29501", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/z8w6ckzs61ql365tv4d19k82o67r15p2", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-25695", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-13T14:29:36.089982Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-13T14:29:40.759Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.5.2", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "kuteminh11", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.<p>This issue affects Apache Airflow: before 2.5.2.</p>", }, ], value: "Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2.\n\n", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-209", description: "CWE-209 Generation of Error Message Containing Sensitive Information", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-15T09:37:11.437Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/29501", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/z8w6ckzs61ql365tv4d19k82o67r15p2", }, ], source: { discovery: "UNKNOWN", }, title: "Information disclosure in Apache Airflow", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-25695", datePublished: "2023-03-15T09:37:11.437Z", dateReserved: "2023-02-13T00:21:30.680Z", dateUpdated: "2025-02-13T14:29:40.759Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-46215
Vulnerability from cvelistv5
Published
2023-10-28 07:10
Modified
2025-02-13 17:14
Severity ?
EPSS score ?
Summary
Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow.
Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend
Note: the vulnerability is about the information exposed in the logs not about accessing the logs.
This issue affects Apache Airflow Celery provider: from 3.3.0 through 3.4.0; Apache Airflow: from 1.10.0 through 2.6.3.
Users are recommended to upgrade Airflow Celery provider to version 3.4.1 and Apache Airlfow to version 2.7.0 which fixes the issue.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Airflow Celery provider |
Version: 3.3.0 ≤ 3.4.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T20:37:40.115Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/34954", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/28/1", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-46215", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-09T14:33:38.842447Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-09T14:34:05.718Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://pypi.python.org", defaultStatus: "unaffected", packageName: "apache-airflow-providers-celery", product: "Apache Airflow Celery provider", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "3.4.0", status: "affected", version: "3.3.0", versionType: "semver", }, ], }, { collectionURL: "https://pypi.python.org", defaultStatus: "unaffected", packageName: "apache-airflow", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.7.0", status: "affected", version: "1.10.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "husseinawala", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow.<br><br><p>Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend<br>Note: the vulnerability is about the information exposed in the logs not about accessing the logs.</p><p>This issue affects Apache Airflow Celery provider: from 3.3.0 through 3.4.0; Apache Airflow: from 1.10.0 through 2.6.3.</p><p>Users are recommended to upgrade Airflow Celery provider to version 3.4.1 and Apache Airlfow to version 2.7.0 which fixes the issue.</p>", }, ], value: "Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow.\n\nSensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend\nNote: the vulnerability is about the information exposed in the logs not about accessing the logs.\n\nThis issue affects Apache Airflow Celery provider: from 3.3.0 through 3.4.0; Apache Airflow: from 1.10.0 through 2.6.3.\n\nUsers are recommended to upgrade Airflow Celery provider to version 3.4.1 and Apache Airlfow to version 2.7.0 which fixes the issue.", }, ], metrics: [ { other: { content: { text: "moderate", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-532", description: "CWE-532 Insertion of Sensitive Information into Log File", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-28T07:15:07.278Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/34954", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n", }, { url: "http://www.openwall.com/lists/oss-security/2023/10/28/1", }, ], source: { discovery: "INTERNAL", }, title: "Apache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-46215", datePublished: "2023-10-28T07:10:57.943Z", dateReserved: "2023-10-18T22:05:37.824Z", dateUpdated: "2025-02-13T17:14:18.898Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-42663
Vulnerability from cvelistv5
Published
2023-10-14 09:47
Modified
2025-02-13 17:09
Severity ?
EPSS score ?
Summary
Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.
Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T19:23:40.097Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/34315", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/xj86cvfkxgd0cyqfmz6mh1bsfc61c6o9", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/11/12/2", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://pypi.python.org/", defaultStatus: "unaffected", packageName: "apache-airflow", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.7.2", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "balis0ng", }, { lang: "en", type: "remediation developer", value: "Ephraim Anierobi", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.<br>Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.<br></p>", }, ], value: "Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.\nUsers of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-12T15:06:17.072Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/34315", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/xj86cvfkxgd0cyqfmz6mh1bsfc61c6o9", }, { url: "http://www.openwall.com/lists/oss-security/2023/11/12/2", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: Bypass permission verification to view task instances of other dags", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-42663", datePublished: "2023-10-14T09:47:26.494Z", dateReserved: "2023-09-12T19:03:03.989Z", dateUpdated: "2025-02-13T17:09:31.436Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-40754
Vulnerability from cvelistv5
Published
2022-09-21 07:25
Modified
2024-08-03 12:28
Severity ?
EPSS score ?
Summary
In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apache/airflow/pull/26409 | x_refsource_MISC | |
| https://lists.apache.org/thread/cn098dcp5x3c402xrb06p3l7nz5goffm | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: unspecified < 2.4.0 Version: 2.3.0 < unspecified |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:28:41.539Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/apache/airflow/pull/26409", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread/cn098dcp5x3c402xrb06p3l7nz5goffm", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.4.0", status: "affected", version: "unspecified", versionType: "custom", }, { lessThan: "unspecified", status: "affected", version: "2.3.0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "The Apache Airflow PMC would like to thank Konstantin Weddige (Lutra Security) for reporting this issue.", }, ], descriptions: [ { lang: "en", value: "In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-601", description: "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-09-21T07:25:11", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/apache/airflow/pull/26409", }, { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread/cn098dcp5x3c402xrb06p3l7nz5goffm", }, ], source: { discovery: "UNKNOWN", }, title: "Open Redirect", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2022-40754", STATE: "PUBLIC", TITLE: "Open Redirect", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Airflow", version: { version_data: [ { version_affected: "<", version_value: "2.4.0", }, { version_affected: ">=", version_value: "2.3.0", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "The Apache Airflow PMC would like to thank Konstantin Weddige (Lutra Security) for reporting this issue.", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ {}, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/apache/airflow/pull/26409", refsource: "MISC", url: "https://github.com/apache/airflow/pull/26409", }, { name: "https://lists.apache.org/thread/cn098dcp5x3c402xrb06p3l7nz5goffm", refsource: "MISC", url: "https://lists.apache.org/thread/cn098dcp5x3c402xrb06p3l7nz5goffm", }, ], }, source: { discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-40754", datePublished: "2022-09-21T07:25:12", dateReserved: "2022-09-16T00:00:00", dateUpdated: "2024-08-03T12:28:41.539Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-31869
Vulnerability from cvelistv5
Published
2024-04-18 07:19
Modified
2025-03-13 16:10
Severity ?
EPSS score ?
Summary
Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 https://github.com/advisories/GHSA-9qqg-mh7c-chfq which concerned API, not UI configuration page.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 2.7.0 ≤ 2.8.4 |
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-31869", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-18T20:47:34.207684Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-13T16:10:23.130Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:59:50.558Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/38795", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/pz6vg7wcjk901rmsgt86h76g6kfcgtk3", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2024/04/17/10", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://pypi.python.org", defaultStatus: "unaffected", packageName: "apache-airflow", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "2.8.4", status: "affected", version: "2.7.0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Manmeet Rangoola", }, { lang: "en", type: "remediation developer", value: "Jarek Potiuk", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration <span style=\"background-color: rgb(255, 255, 255);\">via the \"configuration\" UI page </span>when \"non-sensitive-only\" was set as \"webserver.expose_config\" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your \"expose_config\" configuration to False as a workaround. This is similar, but different to <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/advisories/GHSA-9qqg-mh7c-chfq\">CVE-2023-46288</a> which concerned API, not UI configuration page.", }, ], value: "Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the \"configuration\" UI page when \"non-sensitive-only\" was set as \"webserver.expose_config\" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your \"expose_config\" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 https://github.com/advisories/GHSA-9qqg-mh7c-chfq which concerned API, not UI configuration page.", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-01T18:07:20.416Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/38795", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/pz6vg7wcjk901rmsgt86h76g6kfcgtk3", }, { url: "http://www.openwall.com/lists/oss-security/2024/04/17/10", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: Sensitive configuration for providers displayed when \"non-sensitive-only\" config used", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2024-31869", datePublished: "2024-04-18T07:19:05.033Z", dateReserved: "2024-04-06T19:52:15.124Z", dateUpdated: "2025-03-13T16:10:23.130Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-41937
Vulnerability from cvelistv5
Published
2024-08-21 15:31
Modified
2025-03-20 20:22
Severity ?
EPSS score ?
Summary
Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and the user to click the provider link.
Users should upgrade to 2.10.0 or later, which fixes this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apache/airflow/pull/40933 | patch | |
| https://lists.apache.org/thread/lwlmgg6hqfmkpvw5py4w53hxyl37jl6d | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-21T17:02:32.321Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "http://www.openwall.com/lists/oss-security/2024/08/21/3", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-41937", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-22T13:36:00.532202Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-20T20:22:38.511Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { collectionURL: "https://pypi.python.org", defaultStatus: "unaffected", packageName: "apache-airflow", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.10.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "sw0rd1ight (https://github.com/sw0rd1ight)", }, { lang: "en", type: "remediation developer", value: "Amogh Desai", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and the user to click the provider link.<br>Users should upgrade to 2.10.0 or later, which fixes this vulnerability.", }, ], value: "Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and the user to click the provider link.\nUsers should upgrade to 2.10.0 or later, which fixes this vulnerability.", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-21T15:31:13.962Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/40933", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/lwlmgg6hqfmkpvw5py4w53hxyl37jl6d", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: Stored XSS Vulnerability on provider link", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2024-41937", datePublished: "2024-08-21T15:31:13.962Z", dateReserved: "2024-07-24T08:17:37.300Z", dateUpdated: "2025-03-20T20:22:38.511Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-35936
Vulnerability from cvelistv5
Published
2021-08-16 07:25
Modified
2024-08-04 00:40
Severity ?
EPSS score ?
Summary
If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. This issue affects Apache Airflow < 2.1.2.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: Apache Airflow < 2.1.2 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T00:40:47.453Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.1.2", status: "affected", version: "Apache Airflow", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Apache Airflow would like to thank Dolev Farhi for reporting this issue.", }, ], descriptions: [ { lang: "en", value: "If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. This issue affects Apache Airflow < 2.1.2.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-16T07:25:11", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E", }, ], source: { discovery: "UNKNOWN", }, title: "No Authentication on Logging Server", workarounds: [ { lang: "en", value: "Use remote logging with GCS, S3, Elasticsearch etc. This is recommended for production environments.\n\nAnd do not publicly expose any other ports apart from Webserver port, Flower port etc.", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2021-35936", STATE: "PUBLIC", TITLE: "No Authentication on Logging Server", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Airflow", version: { version_data: [ { version_affected: "<", version_name: "Apache Airflow", version_value: "2.1.2", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "Apache Airflow would like to thank Dolev Farhi for reporting this issue.", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. This issue affects Apache Airflow < 2.1.2.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ {}, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E", }, ], }, source: { discovery: "UNKNOWN", }, work_around: [ { lang: "en", value: "Use remote logging with GCS, S3, Elasticsearch etc. This is recommended for production environments.\n\nAnd do not publicly expose any other ports apart from Webserver port, Flower port etc.", }, ], }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2021-35936", datePublished: "2021-08-16T07:25:11", dateReserved: "2021-06-29T00:00:00", dateUpdated: "2024-08-04T00:40:47.453Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-13927
Vulnerability from cvelistv5
Published
2020-11-10 00:00
Modified
2024-08-04 12:32
Severity ?
EPSS score ?
Summary
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Note this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide: https://github.com/apache/airflow/blob/1.10.11/UPDATING.md#experimental-api-will-deny-all-request-by-default
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Apache Airflow |
Version: Apache Airflow <1.10.11 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "airflow", vendor: "apache", versions: [ { lessThan: "1.10.11", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2020-13927", options: [ { Exploitation: "active", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-24T21:03:08.842589Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2022-01-18", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-13927", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-306", description: "CWE-306 Missing Authentication for Critical Function", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-1188", description: "CWE-1188 Initialization of a Resource with an Insecure Default", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-1056", description: "CWE-1056 Invokable Control Element with Variadic Parameters", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-24T21:04:38.490Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-04T12:32:14.443Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread.html/r23a81b247aa346ff193670be565b2b8ea4b17ddbc7a35fc099c1aadd%40%3Cdev.airflow.apache.org%3E", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/162908/Apache-Airflow-1.10.10-Remote-Code-Execution.html", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/174764/Apache-Airflow-1.10.10-Remote-Code-Execution.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "n/a", versions: [ { status: "affected", version: "Apache Airflow <1.10.11", }, ], }, ], descriptions: [ { lang: "en", value: "The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Note this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide: https://github.com/apache/airflow/blob/1.10.11/UPDATING.md#experimental-api-will-deny-all-request-by-default", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-19T17:06:18.408615", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { url: "https://lists.apache.org/thread.html/r23a81b247aa346ff193670be565b2b8ea4b17ddbc7a35fc099c1aadd%40%3Cdev.airflow.apache.org%3E", }, { url: "http://packetstormsecurity.com/files/162908/Apache-Airflow-1.10.10-Remote-Code-Execution.html", }, { url: "http://packetstormsecurity.com/files/174764/Apache-Airflow-1.10.10-Remote-Code-Execution.html", }, ], }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2020-13927", datePublished: "2020-11-10T00:00:00", dateReserved: "2020-06-08T00:00:00", dateUpdated: "2024-08-04T12:32:14.443Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-22884
Vulnerability from cvelistv5
Published
2023-01-21 13:02
Modified
2025-03-31 14:53
Severity ?
EPSS score ?
Summary
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/apache/airflow/pull/28811 | patch | |
| https://lists.apache.org/thread/0l0j3nt0t7fzrcjl2ch0jgj6c58kxs5h | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Airflow |
Version: 0 ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:20:31.113Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/28811", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/0l0j3nt0t7fzrcjl2ch0jgj6c58kxs5h", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-22884", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-31T14:53:11.693659Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-31T14:53:54.464Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.5.1", status: "affected", version: "0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", product: "Apache Airflow MySQL Provider", vendor: "Apache Software Foundation", versions: [ { lessThan: "4.0.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "Son Tran from VNPT - VCI", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.<p>This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.</p>", }, ], value: "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.\n\n", }, ], metrics: [ { other: { content: { text: "important", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-77", description: "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-12T10:11:50.999Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/28811", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/0l0j3nt0t7fzrcjl2ch0jgj6c58kxs5h", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow, Apache Airflow MySQL Provider: Arbitrary file read via MySQL provider in Apache Airflow", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-22884", datePublished: "2023-01-21T13:02:49.475Z", dateReserved: "2023-01-09T19:22:17.207Z", dateUpdated: "2025-03-31T14:53:54.464Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-45230
Vulnerability from cvelistv5
Published
2022-01-20 10:25
Modified
2024-08-04 04:39
Severity ?
EPSS score ?
Summary
In Apache Airflow prior to 2.2.0. This CVE applies to a specific case where a User who has "can_create" permissions on DAG Runs can create Dag Runs for dags that they don't have "edit" permissions for.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread/m778ojn0k595rwco4ht9wjql89mjoxnl | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: Apache Airflow 1.10 1.10.0 to 1.10.15 Version: Apache Airflow 2 < 2.2.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:39:20.469Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread/m778ojn0k595rwco4ht9wjql89mjoxnl", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "Apache Airflow 1.10 1.10.0 to 1.10.15", }, { lessThan: "2.2.0", status: "affected", version: "Apache Airflow 2", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Apache Airflow PMC would like to thank Franco Cano Erazo for reporting this issue.", }, ], descriptions: [ { lang: "en", value: "In Apache Airflow prior to 2.2.0. This CVE applies to a specific case where a User who has \"can_create\" permissions on DAG Runs can create Dag Runs for dags that they don't have \"edit\" permissions for.", }, ], problemTypes: [ { descriptions: [ { description: "Permission checks were limited.", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-01-20T10:25:10", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread/m778ojn0k595rwco4ht9wjql89mjoxnl", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airflow: Creating DagRuns didn't respect Dag-level permissions in the Webserver", workarounds: [ { lang: "en", value: "This is a very low severity CVE and admins can mitigate this issue by removing the global \"can_create\" permissions on DagRun for Airflow versions >=2.0.0,<2.2.0 and 1.10.x versions that have set `rbac=True` in config.", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2021-45230", STATE: "PUBLIC", TITLE: "Apache Airflow: Creating DagRuns didn't respect Dag-level permissions in the Webserver", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Airflow", version: { version_data: [ { version_affected: "<", version_name: "Apache Airflow 2", version_value: "2.2.0", }, { version_name: "Apache Airflow 1.10", version_value: "1.10.0 to 1.10.15", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credit: [ { lang: "eng", value: "Apache Airflow PMC would like to thank Franco Cano Erazo for reporting this issue.", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Apache Airflow prior to 2.2.0. This CVE applies to a specific case where a User who has \"can_create\" permissions on DAG Runs can create Dag Runs for dags that they don't have \"edit\" permissions for.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: [ {}, ], problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Permission checks were limited.", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread/m778ojn0k595rwco4ht9wjql89mjoxnl", refsource: "MISC", url: "https://lists.apache.org/thread/m778ojn0k595rwco4ht9wjql89mjoxnl", }, ], }, source: { discovery: "UNKNOWN", }, work_around: [ { lang: "en", value: "This is a very low severity CVE and admins can mitigate this issue by removing the global \"can_create\" permissions on DagRun for Airflow versions >=2.0.0,<2.2.0 and 1.10.x versions that have set `rbac=True` in config.", }, ], }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2021-45230", datePublished: "2022-01-20T10:25:10", dateReserved: "2021-12-17T00:00:00", dateUpdated: "2024-08-04T04:39:20.469Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-11981
Vulnerability from cvelistv5
Published
2020-07-16 23:21
Modified
2024-08-04 11:48
Severity ?
EPSS score ?
Summary
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 1.10.10 and below |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T11:48:57.081Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { status: "affected", version: "1.10.10 and below", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.", }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-16T23:21:18", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2020-11981", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Airflow", version: { version_data: [ { version_value: "1.10.10 and below", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", refsource: "MISC", url: "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2020-11981", datePublished: "2020-07-16T23:21:18", dateReserved: "2020-04-21T00:00:00", dateUpdated: "2024-08-04T11:48:57.081Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-29621
Vulnerability from cvelistv5
Published
2021-06-07 19:00
Modified
2024-08-03 22:11
Severity ?
EPSS score ?
Summary
Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder <= 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version 3.3.0 or higher to resolve.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-434h-p4gx-jm89 | x_refsource_CONFIRM | |
| https://github.com/dpgaspar/Flask-AppBuilder/commit/780bd0e8fbf2d36ada52edb769477e0a4edae580 | x_refsource_MISC | |
| https://pypi.org/project/Flask-AppBuilder/ | x_refsource_MISC | |
| https://lists.apache.org/thread.html/r5b754118ba4e996adf03863705d34168bffec202da5c6bdc9bf3add5%40%3Cannounce.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352%40%3Cannounce.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/r91067f953906d93aaa1c69fe2b5472754019cc6bd4f1ba81349d62a0%40%3Ccommits.airflow.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| dpgaspar | Flask-AppBuilder |
Version: < 3.3.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T22:11:06.246Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-434h-p4gx-jm89", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/dpgaspar/Flask-AppBuilder/commit/780bd0e8fbf2d36ada52edb769477e0a4edae580", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://pypi.org/project/Flask-AppBuilder/", }, { name: "[announce] 20210618 Apache Airflow CVE: CVE-2021-29621: User enumeration in database authentication in Flask-AppBuilder <= 3.2.3.", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r5b754118ba4e996adf03863705d34168bffec202da5c6bdc9bf3add5%40%3Cannounce.apache.org%3E", }, { name: "[announce] 20210623 Success at Apache: Security in Practice", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352%40%3Cannounce.apache.org%3E", }, { name: "[airflow-commits] 20210712 [GitHub] [airflow] ashb commented on pull request #16942: Relax version constraint on ``Flask-Appbuilder``", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/r91067f953906d93aaa1c69fe2b5472754019cc6bd4f1ba81349d62a0%40%3Ccommits.airflow.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Flask-AppBuilder", vendor: "dpgaspar", versions: [ { status: "affected", version: "< 3.3.0", }, ], }, ], descriptions: [ { lang: "en", value: "Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder <= 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version 3.3.0 or higher to resolve.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-203", description: "CWE-203: Observable Discrepancy", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-12T21:06:16", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-434h-p4gx-jm89", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/dpgaspar/Flask-AppBuilder/commit/780bd0e8fbf2d36ada52edb769477e0a4edae580", }, { tags: [ "x_refsource_MISC", ], url: "https://pypi.org/project/Flask-AppBuilder/", }, { name: "[announce] 20210618 Apache Airflow CVE: CVE-2021-29621: User enumeration in database authentication in Flask-AppBuilder <= 3.2.3.", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r5b754118ba4e996adf03863705d34168bffec202da5c6bdc9bf3add5%40%3Cannounce.apache.org%3E", }, { name: "[announce] 20210623 Success at Apache: Security in Practice", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352%40%3Cannounce.apache.org%3E", }, { name: "[airflow-commits] 20210712 [GitHub] [airflow] ashb commented on pull request #16942: Relax version constraint on ``Flask-Appbuilder``", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/r91067f953906d93aaa1c69fe2b5472754019cc6bd4f1ba81349d62a0%40%3Ccommits.airflow.apache.org%3E", }, ], source: { advisory: "GHSA-434h-p4gx-jm89", discovery: "UNKNOWN", }, title: "Observable Response Discrepancy in Flask-AppBuilder", x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2021-29621", STATE: "PUBLIC", TITLE: "Observable Response Discrepancy in Flask-AppBuilder", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Flask-AppBuilder", version: { version_data: [ { version_value: "< 3.3.0", }, ], }, }, ], }, vendor_name: "dpgaspar", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder <= 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version 3.3.0 or higher to resolve.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-203: Observable Discrepancy", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-434h-p4gx-jm89", refsource: "CONFIRM", url: "https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-434h-p4gx-jm89", }, { name: "https://github.com/dpgaspar/Flask-AppBuilder/commit/780bd0e8fbf2d36ada52edb769477e0a4edae580", refsource: "MISC", url: "https://github.com/dpgaspar/Flask-AppBuilder/commit/780bd0e8fbf2d36ada52edb769477e0a4edae580", }, { name: "https://pypi.org/project/Flask-AppBuilder/", refsource: "MISC", url: "https://pypi.org/project/Flask-AppBuilder/", }, { name: "[announce] 20210618 Apache Airflow CVE: CVE-2021-29621: User enumeration in database authentication in Flask-AppBuilder <= 3.2.3.", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r5b754118ba4e996adf03863705d34168bffec202da5c6bdc9bf3add5@%3Cannounce.apache.org%3E", }, { name: "[announce] 20210623 Success at Apache: Security in Practice", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352@%3Cannounce.apache.org%3E", }, { name: "[airflow-commits] 20210712 [GitHub] [airflow] ashb commented on pull request #16942: Relax version constraint on ``Flask-Appbuilder``", refsource: "MLIST", url: "https://lists.apache.org/thread.html/r91067f953906d93aaa1c69fe2b5472754019cc6bd4f1ba81349d62a0@%3Ccommits.airflow.apache.org%3E", }, ], }, source: { advisory: "GHSA-434h-p4gx-jm89", discovery: "UNKNOWN", }, }, }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2021-29621", datePublished: "2021-06-07T19:00:12", dateReserved: "2021-03-30T00:00:00", dateUpdated: "2024-08-03T22:11:06.246Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-40189
Vulnerability from cvelistv5
Published
2022-11-22 00:00
Modified
2025-04-29 04:25
Severity ?
EPSS score ?
Summary
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Airlfow Pig Provider |
Version: unspecified < 4.0.0 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:14:39.657Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/apache/airflow/pull/27644", }, { tags: [ "x_transferred", ], url: "https://lists.apache.org/thread/yxnfzfw2w9pj5s785k3rlyly4y44sd15", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-40189", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-04-29T04:24:47.927458Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-04-29T04:25:48.603Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Apache Airlfow Pig Provider", vendor: "Apache Software Foundation", versions: [ { lessThan: "4.0.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "Apache Airflow ", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.3.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Apache Airflow PMC wants to thank id_No2015429 of 3H Security Team for reporting the issue.", }, ], descriptions: [ { lang: "en", value: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version.", }, ], metrics: [ { other: { content: { other: "moderate", }, type: "unknown", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-22T00:00:00.000Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { url: "https://github.com/apache/airflow/pull/27644", }, { url: "https://lists.apache.org/thread/yxnfzfw2w9pj5s785k3rlyly4y44sd15", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Airlfow Pig Provider RCE", x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-40189", datePublished: "2022-11-22T00:00:00.000Z", dateReserved: "2022-09-08T00:00:00.000Z", dateUpdated: "2025-04-29T04:25:48.603Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-40273
Vulnerability from cvelistv5
Published
2023-08-23 15:37
Modified
2024-09-27 20:29
Severity ?
EPSS score ?
Summary
The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that).
With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behaviour.
Users of Apache Airflow are advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow |
Version: 0 ≤ |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:31:52.401Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "patch", "x_transferred", ], url: "https://github.com/apache/airflow/pull/33347", }, { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/9rdmv8ln4y4ncbyrlmjrsj903x4l80nj", }, { tags: [ "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2023/08/23/1", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "airflow", vendor: "apache", versions: [ { lessThanOrEqual: "2.7.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-40273", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-27T20:28:46.438042Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-27T20:29:59.422Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Airflow", vendor: "Apache Software Foundation", versions: [ { lessThan: "2.7.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Yusuf AYDIN (@h1_yusuf)", }, { lang: "en", type: "finder", value: "L3yx of Syclover Security Team.", }, { lang: "en", type: "finder", value: "Son Tran of VNPT-VCI", }, { lang: "en", type: "finder", value: "Thuong Nguyen (@nthuong95)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for <code>database</code> session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that).</p><p>With this fix implemented, when using the <code>database</code> session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the <code>securecookie</code> session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behaviour.</p>Users of Apache Airflow are advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability.<br>", }, ], value: "The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that).\n\nWith this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behaviour.\n\nUsers of Apache Airflow are advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability.\n", }, ], metrics: [ { other: { content: { text: "low", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-384", description: "CWE-384 Session Fixation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-12T06:42:10.576Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "patch", ], url: "https://github.com/apache/airflow/pull/33347", }, { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/9rdmv8ln4y4ncbyrlmjrsj903x4l80nj", }, { url: "https://www.openwall.com/lists/oss-security/2023/08/23/1", }, ], source: { discovery: "UNKNOWN", }, title: "Session fixation in Apache Airflow web interface", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2023-40273", datePublished: "2023-08-23T15:37:49.378Z", dateReserved: "2023-08-13T15:37:41.647Z", dateUpdated: "2024-09-27T20:29:59.422Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-12417
Vulnerability from cvelistv5
Published
2019-10-30 21:04
Modified
2024-08-04 23:17
Severity ?
EPSS score ?
Summary
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process.
References
| ▼ | URL | Tags |
|---|---|---|
| https://lists.apache.org/thread.html/f3aa5ff9c7cdb5424b6463c9013f6cf5db83d26c66ea77130cbbe1bc%40%3Cusers.airflow.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Apache Airflow |
Version: Apache Airflow up to 1.10.5 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:17:40.098Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[airflow-users] 20191030 [CVE-2019-12417] Apache Airflow stored xss and local file disclosure vulnerability <= 1.10.5", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.apache.org/thread.html/f3aa5ff9c7cdb5424b6463c9013f6cf5db83d26c66ea77130cbbe1bc%40%3Cusers.airflow.apache.org%3E", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Apache Airflow", vendor: "n/a", versions: [ { status: "affected", version: "Apache Airflow up to 1.10.5", }, ], }, ], descriptions: [ { lang: "en", value: "A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process.", }, ], problemTypes: [ { descriptions: [ { description: "Stored XSS and Local File Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-10-30T21:04:32", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { name: "[airflow-users] 20191030 [CVE-2019-12417] Apache Airflow stored xss and local file disclosure vulnerability <= 1.10.5", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.apache.org/thread.html/f3aa5ff9c7cdb5424b6463c9013f6cf5db83d26c66ea77130cbbe1bc%40%3Cusers.airflow.apache.org%3E", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2019-12417", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Airflow", version: { version_data: [ { version_value: "Apache Airflow up to 1.10.5", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Stored XSS and Local File Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "[airflow-users] 20191030 [CVE-2019-12417] Apache Airflow stored xss and local file disclosure vulnerability <= 1.10.5", refsource: "MLIST", url: "https://lists.apache.org/thread.html/f3aa5ff9c7cdb5424b6463c9013f6cf5db83d26c66ea77130cbbe1bc@%3Cusers.airflow.apache.org%3E", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2019-12417", datePublished: "2019-10-30T21:04:32", dateReserved: "2019-05-28T00:00:00", dateUpdated: "2024-08-04T23:17:40.098Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }