Lucene search
ApacheCVELIST:CVE-2022-38170HistorySep 02, 2022 - 7:10 a.m.
CVE-2022-38170 Overly permissive umask for daemons
2022-09-0207:10:21
apache
www.cve.org
cve-2022-38170
apache airflow
umask
race condition
world-writable files
local users
In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the --daemon flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver.
CNA Affected
[
{
"product": "Apache Airflow",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.3.3",
"status": "affected",
"version": "Apache Airflow",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2022-38170
2022-09-02 07:15:07
veracode
veracode
Information Disclosure
2024-04-03 09:48:05
nvd
nvd
CVE-2022-38170
2022-09-02 07:15:07
osv
osv
PYSEC-2022-261
2022-09-02 07:15:00
CVE-2022-38170
2022-09-02 07:15:07
BIT-airflow-2022-38170
2024-03-06 10:57:57
hackerone
hackerone
Internet Bug Bounty: Airflow Daemon Mode Insecure Umask Privilege Escalation
2022-09-02 22:36:31
prion
prion
Race condition
2022-09-02 07:15:00
github
github
Apache Airflow exposes arbitrary file content
2022-09-03 00:00:25