Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
•added 2022/09/03 12:0 a.m.•6 views

acceldata-o2a (=1.0.0), acryl-datahub-airflow-plugin (>=0.8.44.4 <=1.3.1.post1) +130 more potentially affected by CVE-2022-38170 via apache-airflow (>=1.8.2 <=2.3.2)

apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =0.2.0, =0.11.0 and more Source cves: CVE-2022-38170 Source advisory: OSV:GHSA-Q8H9-PQCX-59HW...

4.7CVSS5.7AI score0.00593EPSS
Exploits0
vulnersOsv
vulnersOsv
•added 2022/09/02 7:15 a.m.•5 views

acceldata-o2a (=1.0.0), acryl-datahub-airflow-plugin (>=0.8.44.4 <=1.3.1.post1) +130 more potentially affected by CVE-2022-38170 via apache-airflow (>=1.8.2 <=2.3.2)

apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.1.1, =0.2.0, =0.11.0 and more Source cves: CVE-2022-38170 Source advisory: OSV:PYSEC-2022-261...

4.7CVSS5.7AI score0.00593EPSS
Exploits0
Cvelist
Cvelist
•added 2022/09/02 7:10 a.m.•38 views

CVE-2022-38170 Overly permissive umask for daemons

In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the --daemon flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via th...

5AI score0.00593EPSS
Exploits0References4
CVE
CVE
•added 2022/09/02 7:10 a.m.•112 views

CVE-2022-38170

CVE-2022-38170 affects Apache Airflow prior to 2.3.4. The issue is an insecure daemon umask applied to numerous Airflow components, causing a race condition that can create world-writable files in the Airflow home directory. This allows local users to expose arbitrary file contents via the webser...

4.7CVSS4.6AI score0.00593EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder