13 matches found
Apache Airflow <=1.10.10 - Remote Code Execution
Apache Airflow versions 1.10.10 and below are vulnerable to remote code/command injection vulnerabilities in one of the example DAGs shipped with Airflow. This could allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler depending on the executor in us...
Exploit for OS Command Injection in Apache Airflow
This is a proof-of-concept PoC exploit for CVE-2020-11978, a remote code execution RCE vulnerability in Apache Airflow's example DAGs. The exploit targets Airflow versions less than 1.10.11 and allows an attacker to execute arbitrary commands on the system. The exploit uses the Airflow Experiment...
Apache Airflow 1.10.10 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Airflow 1.10.10 - Example DAG Remote Code Execution', 'Description' = %q This module exploits an unauthenticated command injection...
Apache Airflow < 1.10.11 Multiple Vulnerabilities
The version of Apache Airflow is prior to 1.10.11. It is, therefore, affected by multiple vulnerabilities, including the following: - An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker Redis, RabbitMQ directly, it i...
Apache Airflow Command Injection (CVE-2020-11978; CVE-2020-13927)
A command injection vulnerability exists in Apache Airflow. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
CVE-2020-11978
creationtimestamp| type| source ---|---|--- 2021-06-03 00:39:25+00:00| seen| https://t.me/pwnwikizhchannel/579 2023-06-14 21:10:04+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2023-09-18 22:16:38+00:00| seen|...
Apache Airflow 1.10.10 - (Example Dag) Remote Code Execution Exploit
Exploit Title: Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution Exploit Author: Pepe Berba Vendor Homepage: https://airflow.apache.org/ Software Link: https://airflow.apache.org/docs/apache-airflow/stable/installation.html Version: = 1.10.10 Tested on: Docker apache/airflow:1.10 .10...
Apache Airflow 1.10.10 Remote Code Execution
Exploit Title: Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution Date: 2021-06-02 Exploit Author: Pepe Berba Vendor Homepage: https://airflow.apache.org/ Software Link: https://airflow.apache.org/docs/apache-airflow/stable/installation.html Version: = 1.10.10 Tested on: Docker...
Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution
Exploit Title: Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution Date: 2021-06-02 Exploit Author: Pepe Berba Vendor Homepage: https://airflow.apache.org/ Software Link: https://airflow.apache.org/docs/apache-airflow/stable/installation.html Version: = 1.10.10 Tested on: Docker...
Exploit for OS Command Injection in Apache Airflow
CVE-2020-11978: Remote code execution in Apache Airflow's Exa...
Fedora 31 : virtualbox-guest-additions (2020-dbf6c6f22f)
New upstream release Overview of fixed security issues: https://www.oracle.com/security-alerts/cpujul2020.htmlAppendixOVIR Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean...
CVE-2020-11978
An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler depending o...
CVE-2020-11978
Apache Airflow CVE-2020-11978 affects Airflow 1.10.10 and earlier in one of the shipped example DAGs, enabling remote command execution. The root cause is a command-injection vulnerability in the example DAGs, which could allow an authenticated user to run arbitrary commands as the user running t...