Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2022-38170
HistorySep 02, 2022 - 7:15 a.m.

Race condition

2022-09-0207:15:00
PRIOn knowledge base
www.prio-n.com
apache airflow
insecure umask
race condition
world-writable files
arbitrary file exposure

4.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the --daemon flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver.

CPENameOperatorVersion
airflowlt2.3.4

Related

nvd 1
cvelist 1
cve 1
veracode 1
osv 4
hackerone 1
github 1
nvd
nvd
CVE-2022-38170
2022-09-02 07:15:07
cvelist
cvelist
CVE-2022-38170 Overly permissive umask for daemons
2022-09-02 07:10:21
cve
cve
CVE-2022-38170
2022-09-02 07:15:07
veracode
veracode
Information Disclosure
2024-04-03 09:48:05
osv
osv
PYSEC-2022-261
2022-09-02 07:15:00
CVE-2022-38170
2022-09-02 07:15:07
BIT-airflow-2022-38170
2024-03-06 10:57:57
hackerone
hackerone
Internet Bug Bounty: Airflow Daemon Mode Insecure Umask Privilege Escalation
2022-09-02 22:36:31
github
github
Apache Airflow exposes arbitrary file content
2022-09-03 00:00:25

4.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for PRION:CVE-2022-38170
nvd1cvelist1cve1veracode1osv4hackerone1github1