2 matches found
CVE-2019-12398
In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected...
CVE-2019-12398
Apache Airflow prior to 1.10.5 with the classic UI is affected. A malicious admin can modify object state in the Airflow metadata database to execute arbitrary JavaScript on certain page views (XSS). The RBAC UI is unaffected. Exploitation details and concrete fixes are not provided in the suppli...