| Reporter | Title | Published | Views | Family All 20 |
|---|---|---|---|---|
| CVE-2022-24288 | 25 Feb 202209:15 | – | attackerkb | |
| CVE-2022-24288 | 25 Feb 202212:20 | – | circl | |
| Apache Airflow 操作系统命令注入漏洞 | 25 Feb 202200:00 | – | cnnvd | |
| Apache Airflow OS Command Injection Vulnerability (CNVD-2022-18263) | 28 Feb 202200:00 | – | cnvd | |
| Apache Airflow Command Injection (CVE-2022-24288) | 31 Oct 202200:00 | – | checkpoint_advisories | |
| CVE-2022-24288 | 25 Feb 202208:30 | – | cve | |
| CVE-2022-24288 Apache Airflow: RCE in example DAGs | 25 Feb 202208:30 | – | cvelist | |
| Fedora 37 : golang-cloud-google (2022-6e5bcf2979) | 15 Nov 202400:00 | – | nessus | |
| OS Command injection in Apache Airflow | 26 Feb 202200:00 | – | github | |
| Internet Bug Bounty: CVE-2022-24288: Apache Airflow: TWO RCEs in example DAGs | 27 Feb 202204:49 | – | hackerone |
id: CVE-2022-24288
info:
name: Apache Airflow OS Command Injection
author: xeldax
severity: high
description: Apache Airflow prior to version 2.2.4 is vulnerable to OS command injection attacks because some example DAGs do not properly sanitize user-provided parameters, making them susceptible to OS Command Injection from the web UI.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the target system.
remediation: |
Apply the latest security patches or upgrade to a patched version of Apache Airflow.
reference:
- https://github.com/advisories/GHSA-3v7g-4pg3-7r6j
- https://nvd.nist.gov/vuln/detail/CVE-2022-24288
- https://lists.apache.org/thread/dbw5ozcmr0h0lhs0yjph7xdc64oht23t
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/Hax0rG1rl/my_cve_and_bounty_poc
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2022-24288
cwe-id: CWE-78
epss-score: 0.7788
epss-percentile: 0.99516
cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: apache
product: airflow
shodan-query:
- title:"Airflow - DAGs" || http.html:"Apache Airflow"
- http.title:"airflow - dags" || http.html:"apache airflow"
- http.title:"sign in - airflow"
- product:"redis"
fofa-query:
- title="sign in - airflow"
- apache airflow
- title="airflow - dags" || http.html:"apache airflow"
google-query:
- intitle:"sign in - airflow"
- intitle:"airflow - dags" || http.html:"apache airflow"
tags: cve,cve2022,airflow,rce,apache,vkev,vuln
http:
- method: GET
path:
- "{{BaseURL}}/admin/airflow/code?root=&dag_id=example_passing_params_via_test_command"
- "{{BaseURL}}/code?dag_id=example_passing_params_via_test_command"
stop-at-first-match: true
matchers:
- type: word
words:
- 'foo was passed in via Airflow CLI Test command with value {{ params.foo }}' # Works with unauthenticated airflow instance
# digest: 4a0a00473045022100926cfdd778561e24a0fceb4375d25592d5ac00bfe128f7dfa3adfcb733e2b1300220349e2bb3267623ece318cafe1f6d7f3ee59b973fa13251580792bb37825c9f3c:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation