Lucene search
HistoryJul 17, 2024 - 8:15 a.m.
CVE-2024-39863
apache airflow
vulnerability
authenticated attackers
malicious links
provider installation
upgrade
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
27.3%
Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.
Affected configurations
Node
apacheairflowRange<2.9.3
Related
osv
osv
CGA-45cj-mqr9-6j37
2024-07-18 18:19:42
CVE-2024-39863
2024-07-17 08:15:01
BIT-airflow-2024-39863
2024-07-19 07:16:29
vulnrichment
vulnrichment
CVE-2024-39863 Apache Airflow: Potential XSS Vulnerability
2024-07-17 07:53:31
wolfi
wolfi
CVE-2024-39863 vulnerabilities
2024-09-19 21:18:36
github
github
Apache Airflow Potential Cross-site Scripting Vulnerability
2024-07-17 09:30:48
cvelist
cvelist
CVE-2024-39863 Apache Airflow: Potential XSS Vulnerability
2024-07-17 07:53:31
veracode
veracode
Link Injection
2024-07-18 06:17:21
cve
cve
CVE-2024-39863
2024-07-17 08:15:01
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
27.3%
Related for NVD:CVE-2024-39863