GHSA-2RX4-9F5H-9GJF Apache Airflow CNCF Kubernetes Provider: KubernetesPodOperator RCE via connection configuration
Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows a user to change the xcom sidecar image and resources via an Airflow connection. In order to exploit this weakness, a user would already need elevated permissions (Op or Admin) to change the connection object in this...
Arbitrary Code Execution
Apache Airflow CNCF Kubernetes is vulnerable to Arbitrary Code Execution. The vulnerability exists because the xcom sidecar image and resources are not properly restricted, which allows an attacker to inject arbitrary code to change the connection object and perform unauthorized actions...
CVE-2023-33234
Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows a user to change the xcom sidecar image and resources via an Airflow connection. In order to exploit this weakness, a user would already need elevated permissions (Op or Admin) to change the connection object in this...
PT-2023-4070 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow CNCF Kubernetes provider version 5.0.0. Description: The issue is related to a weakness in the procedure for neutralizing special elements in output, which can allow an attacker to execute arbitrary code. This can be exploited b...