Lucene search
LeixiaoH1:1776476HistoryNov 17, 2022 - 12:43 a.m.
Internet Bug Bounty: CVE-2022-40127: RCE in Apache Airflow <2.4.0 bash example
2022-11-1700:43:30
leixiao
hackerone.com
$4000
103
internet bug bounty
cve-2022-40127
remote code execution
apache airflow
command injection
dags
security vulnerability
os command execution
bug bounty
EPSS
0.4
Percentile
97.3%
airflow-2.3.3/airflow/example_dags/example_bash_operator.py has a command injection vulnerability.
I can control the run_id in the following code(example_bash_operator.py),So I can inject custom commands.
also_run_this = BashOperator(
task_id='also_run_this',
bash_command='echo "run_id={{ run_id }} | dag_run={{ dag_run }}"',
)
Enter the DAGs menu and start example_bash_operator task, select βTrigger DAG w/ configβ.Set the run_id to " touch /tmp/success " and trigger.
{F2036322}
Impact
Execute any OS command
Related
cnvd
cnvd
Apache Airflow code injection vulnerability
2022-11-17 00:00:00
osv
osv
PYSEC-2022-42982
2022-11-14 10:15:00
BIT-airflow-2022-40127
2024-03-06 10:57:35
Apache Airflow vulnerable to OS Command Injection via example DAGs
2022-11-14 12:00:15
cvelist
cvelist
CVE-2022-40127 Apache Airflow <2.4.0 has an RCE in a bash example
2022-11-14 00:00:00
githubexploit
githubexploit
Exploit for Code Injection in Apache Airflow
2023-07-21 12:55:16
Exploit for Code Injection in Apache Airflow
2023-07-21 12:55:16
nuclei
nuclei
AirFlow < 2.4.0 - Remote Code Execution
2022-11-23 12:41:34
prion
prion
Design/Logic Flaw
2022-11-14 10:15:00
nvd
nvd
CVE-2022-40127
2022-11-14 10:15:10
veracode
veracode
Arbitrary Code Execution
2022-11-15 06:46:03
github
github
Apache Airflow vulnerable to OS Command Injection via example DAGs
2022-11-14 12:00:15
cve
cve
CVE-2022-40127
2022-11-14 10:15:10