Lucene search
HistoryAug 16, 2022 - 2:15 p.m.
CVE-2022-38362
cve-2022-38362
apache airflow
docker
provider
example dag
remote code exploit
nvd
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.0%
Apache Airflow Docker’s Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host.
Affected configurations
Node
apacheairflowRange≤3.0.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache:apache-airflow-providers-docker | apache apache-airflow-providers-docker | lt | 3.0.0 |
CNA Affected
[
{
"product": "Apache Airflow",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.0.0",
"status": "affected",
"version": "Apache Airflow Docker Provider",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
veracode
veracode
Remote Code Execution (RCE)
2022-08-17 04:35:26
github
github
Remote code execution in Apache Airflow Docker's Provider
2022-08-17 00:00:21
cnvd
cnvd
Apache Airflow Remote Code Execution Vulnerability (CNVD-2022-59057)
2022-08-19 00:00:00
hackerone
hackerone
cvelist
cvelist
CVE-2022-38362 Docker Provider <3.0 RCE vulnerability in example dag
2022-08-16 14:10:09
osv
osv
Remote code execution in Apache Airflow Docker's Provider
2022-08-17 00:00:21
nvd
nvd
CVE-2022-38362
2022-08-16 14:15:08
prion
prion
Design/Logic Flaw
2022-08-16 14:15:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.0%
Related for CVE-2022-38362