Lucene search
HistoryAug 16, 2022 - 2:15 p.m.
CVE-2022-38362
cve-2022-38362
apache airflow
docker
provider
example dag
remote code exploit
nvd
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.8
Confidence
High
EPSS
0.001
Percentile
34.0%
Apache Airflow Docker’s Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host.
Affected configurations
Node
apache_software_foundationapache_strutsRange≤3.0.0
CNA Affected
[
{
"product": "Apache Airflow",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.0.0",
"status": "affected",
"version": "Apache Airflow Docker Provider",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
veracode
veracode
Remote Code Execution (RCE)
2022-08-17 04:35:26
github
github
Remote code execution in Apache Airflow Docker's Provider
2022-08-17 00:00:21
osv
osv
Remote code execution in Apache Airflow Docker's Provider
2022-08-17 00:00:21
cvelist
cvelist
CVE-2022-38362 Docker Provider <3.0 RCE vulnerability in example dag
2022-08-16 14:10:09
cnvd
cnvd
Apache Airflow Remote Code Execution Vulnerability (CNVD-2022-59057)
2022-08-19 00:00:00
hackerone
hackerone
nvd
nvd
CVE-2022-38362
2022-08-16 14:15:08
prion
prion
Design/Logic Flaw
2022-08-16 14:15:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.8
Confidence
High
EPSS
0.001
Percentile
34.0%
Related for CVE-2022-38362