CVE-2022-38170 (GCVE-0-2022-38170)
Vulnerability from cvelistv5
Published
2022-09-02 07:10
Modified
2024-08-03 10:45
Severity ?
CWE
  • Overly permissive umask for deamons
Summary
In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver.
References
Impacted products
Vendor Product Version
Apache Software Foundation Apache Airflow Version: Apache Airflow   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:45:52.810Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/zn8mbbb1j2od5nc9zhrvb7rpsrg1vvzv"
          },
          {
            "name": "[oss-security] 20220902 CVE-2022-38170: Apache Airflow: Overly permissive umask for deamons",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/09/02/3"
          },
          {
            "name": "[oss-security] 20220902 Re: CVE-2022-38170: Apache Airflow: Overly permissive umask for deamons",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/09/02/12"
          },
          {
            "name": "[oss-security] 20220920 Re: CVE-2022-38170: Apache Airflow: Overly permissive umask for deamons",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/09/21/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Airflow",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.3.3",
              "status": "affected",
              "version": "Apache Airflow",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "The Apache Airflow PMC would like to thank Harry Sintonen for reporting this issue."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Overly permissive umask for deamons",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-21T11:06:07",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread/zn8mbbb1j2od5nc9zhrvb7rpsrg1vvzv"
        },
        {
          "name": "[oss-security] 20220902 CVE-2022-38170: Apache Airflow: Overly permissive umask for deamons",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/09/02/3"
        },
        {
          "name": "[oss-security] 20220902 Re: CVE-2022-38170: Apache Airflow: Overly permissive umask for deamons",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/09/02/12"
        },
        {
          "name": "[oss-security] 20220920 Re: CVE-2022-38170: Apache Airflow: Overly permissive umask for deamons",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/09/21/2"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Overly permissive umask for daemons",
      "workarounds": [
        {
          "lang": "en",
          "value": "Run without the `--daemon` flag via a process supervisor instead (systemd, runit, etc.)."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2022-38170",
          "STATE": "PUBLIC",
          "TITLE": "Overly permissive umask for daemons"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Airflow",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "Apache Airflow",
                            "version_value": "2.3.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "The Apache Airflow PMC would like to thank Harry Sintonen for reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": [
          {}
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Overly permissive umask for deamons"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread/zn8mbbb1j2od5nc9zhrvb7rpsrg1vvzv",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread/zn8mbbb1j2od5nc9zhrvb7rpsrg1vvzv"
            },
            {
              "name": "[oss-security] 20220902 CVE-2022-38170: Apache Airflow: Overly permissive umask for deamons",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/09/02/3"
            },
            {
              "name": "[oss-security] 20220902 Re: CVE-2022-38170: Apache Airflow: Overly permissive umask for deamons",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/09/02/12"
            },
            {
              "name": "[oss-security] 20220920 Re: CVE-2022-38170: Apache Airflow: Overly permissive umask for deamons",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/09/21/2"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Run without the `--daemon` flag via a process supervisor instead (systemd, runit, etc.)."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2022-38170",
    "datePublished": "2022-09-02T07:10:21",
    "dateReserved": "2022-08-11T00:00:00",
    "dateUpdated": "2024-08-03T10:45:52.810Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-38170\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2022-09-02T07:15:07.833\",\"lastModified\":\"2024-11-21T07:15:55.980\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver.\"},{\"lang\":\"es\",\"value\":\"En Apache Airflow versiones anteriores a 2.3.4, era configurado una m\u00e1scara de usuario no segura para numerosos componentes de Airflow cuando es ejecutado con el flag \\\"--daemon\\\", lo que pod\u00eda resultar en una condici\u00f3n de carrera que daba lugar a archivos de escritura mundial en el directorio principal de Airflow y permit\u00eda a usuarios locales exponer contenidos de archivos arbitrarios por medio del servidor web\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.0,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.3.4\",\"matchCriteriaId\":\"FAFEE08F-9E2C-434B-B67A-6183062070BE\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2022/09/02/12\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/09/02/3\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/09/21/2\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/zn8mbbb1j2od5nc9zhrvb7rpsrg1vvzv\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/09/02/12\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/09/02/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/09/21/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/zn8mbbb1j2od5nc9zhrvb7rpsrg1vvzv\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Mitigation\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.