Lucene search
HistoryNov 14, 2022 - 10:15 a.m.
CVE-2022-40127
apache airflow
example dags
vulnerability
arbitrary commands
ui access
cve-2022-40127
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.371 Low
EPSS
Percentile
97.2%
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.
Affected configurations
Node
apacheairflowRange<2.4.0
Related
githubexploit
githubexploit
Exploit for Code Injection in Apache Airflow
2023-07-21 12:55:16
Exploit for Code Injection in Apache Airflow
2023-07-21 12:55:16
nuclei
nuclei
AirFlow < 2.4.0 - Remote Code Execution
2022-11-23 12:41:34
hackerone
hackerone
cnvd
cnvd
Apache Airflow code injection vulnerability
2022-11-17 00:00:00
osv
osv
PYSEC-2022-42982
2022-11-14 10:15:00
BIT-airflow-2022-40127
2024-03-06 10:57:35
CVE-2022-40127
2022-11-14 10:15:10
cve
cve
CVE-2022-40127
2022-11-14 10:15:10
veracode
veracode
Arbitrary Code Execution
2022-11-15 06:46:03
github
github
Apache Airflow vulnerable to OS Command Injection via example DAGs
2022-11-14 12:00:15
prion
prion
Design/Logic Flaw
2022-11-14 10:15:00
cvelist
cvelist
CVE-2022-40127 Apache Airflow <2.4.0 has an RCE in a bash example
2022-11-14 00:00:00
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.371 Low
EPSS
Percentile
97.2%
Related for NVD:CVE-2022-40127