Lucene search
+L

109 matches found

CNNVD
CNNVD
added 2023/10/14 12:0 a.m.11 views

Apache Airflow 信息泄露漏洞

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. Apache Airflow suffers from an information disclosure vulnerability that can be...

6.5CVSS6AI score0.01551EPSS
Exploits0References4
Hacker One
Hacker One
added 2023/10/13 4:40 p.m.47 views

Internet Bug Bounty: CVE-2023-42780: Apache Airflow: Improper access control vulnerability in the "List dag warnings" feature

A vulnerability in Apache Airflow versions prior to 2.7.2 allowed authenticated users to list warnings for all DAGs, revealing dagids and stack traces even for DAGs the user did not have permission to access. Users should upgrade to Airflow 2.7.2 or newer...

6.5CVSS6.1AI score0.01071EPSS
Exploits0
Hacker One
Hacker One
added 2023/08/29 5:31 p.m.104 views

Internet Bug Bounty: CVE-2023-40195: Apache Airflow Spark Provider Deserialization Vulnerability RCE

Apache Airflow Spark Provider before 4.1.3 was affected by a deserialization vulnerability that allowed remote code execution RCE. Attackers could exploit this vulnerability by configuring a malicious Spark server address through the Airflow UI, which would then manipulate the PySpark clients...

8.8CVSS9AI score0.01413EPSS
Exploits0
OSV
OSV
added 2023/08/05 9:30 a.m.15 views

GHSA-269X-PG5C-5XGM Apache Airflow Execution with Unnecessary Privileges

Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the...

8.8CVSS8.8AI score0.0236EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2023/08/05 9:30 a.m.45 views

Apache Airflow Execution with Unnecessary Privileges

Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the...

8.8CVSS8.8AI score0.0236EPSS
Exploits0References7Affected Software1
GithubExploit
GithubExploit
added 2023/07/21 12:55 p.m.401 views

Exploit for Code Injection in Apache Airflow

Apache Airflow official report description says: A vulnerab...

8.8CVSS8.9AI score0.85653EPSS
Exploits2
BDU FSTEC
BDU FSTEC
added 2022/11/25 12:0 a.m.10 views

The vulnerability of the run_id parameter in the Example Dags function of the Airflow software for data processing tasks allows a attacker to execute arbitrary commands.

The vulnerability of the runid parameter in the Example Dags function of the Airflow software for data processing scenario creation, monitoring, and orchestration is related to incorrect code generation. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary...

10CVSS8AI score0.85653EPSS
Exploits2References4Affected Software1
Hacker One
Hacker One
added 2022/11/17 12:43 a.m.135 views

Internet Bug Bounty: CVE-2022-40127: RCE in Apache Airflow <2.4.0 bash example

airflow-2.3.3/airflow/exampledags/examplebashoperator.py has a command injection vulnerability. I can control the runid in the following codeexamplebashoperator.py,So I can inject custom commands. alsorunthis = BashOperator taskid='alsorunthis', bashcommand='echo "runid= runid | dagrun= dagrun "'...

6.5CVSS8.8AI score0.85653EPSS
Exploits2
CNVD
CNVD
added 2022/11/17 12:0 a.m.28 views

Apache Airflow code injection vulnerability

Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. The platform is scalable and dynamic monitoring features. Apache Airflow has a code injection vulnerability, the vulnerability stems from the user input structure during the...

8.8CVSS3.4AI score0.85653EPSS
Exploits2References1
Veracode
Veracode
added 2022/11/15 6:46 a.m.22 views

Arbitrary Code Execution

apacheairflow is vulnerable to arbitrary code execution. The vulnerability exists in example DAGs of examplebashoperator.py which allows an attacker to execute arbitrary commands via the manually provided runid parameter...

8.8CVSS9.1AI score0.85653EPSS
Exploits2References6Affected Software1
OSV
OSV
added 2022/11/14 12:0 p.m.22 views

GHSA-6PW3-8H9W-32GC Apache Airflow vulnerable to OS Command Injection via example DAGs

A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided runid parameter. This issue affects Apache Airflow versions prior to 2.4.0...

8.8CVSS8.8AI score0.85653EPSS
Exploits2References7
Github Security Blog
Github Security Blog
added 2022/11/14 12:0 p.m.41 views

Apache Airflow vulnerable to OS Command Injection via example DAGs

A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided runid parameter. This issue affects Apache Airflow versions prior to 2.4.0...

8.8CVSS8.8AI score0.85653EPSS
Exploits2References7Affected Software1
NVD
NVD
added 2022/11/14 10:15 a.m.34 views

CVE-2022-40127

A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided runid parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0...

8.8CVSS0.85653EPSS
Exploits2References3
Prion
Prion
added 2022/11/14 10:15 a.m.26 views

Design/Logic Flaw

A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided runid parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0...

6.5CVSS8.9AI score0.85653EPSS
Exploits2References3Affected Software1
PyPA
PyPA
added 2022/11/14 10:15 a.m.9 views

PYSEC-2022-42982

A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided runid parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0...

8.8CVSS7.6AI score0.85653EPSS
Exploits2References7Affected Software1
OSV
OSV
added 2022/11/14 10:15 a.m.24 views

PYSEC-2022-42982

A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided runid parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0...

8.8CVSS7.5AI score0.85653EPSS
Exploits2References7
OSV
OSV
added 2022/11/14 12:0 a.m.23 views

CVE-2022-40127 Apache Airflow <2.4.0 has an RCE in a bash example

A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided runid parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0...

8.8CVSS7.4AI score0.85653EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.5 views

PT-2022-5600 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.4.0 Description: A vulnerability in Example Dags of Apache Airflow is related to incorrect management of code generation. This issue allows an attacker with UI access who can trigger DAGs to execute arbitrar...

10CVSS8.2AI score0.85653EPSS
Exploits2References21
Cvelist
Cvelist
added 2022/11/14 12:0 a.m.52 views

CVE-2022-40127 Apache Airflow <2.4.0 has an RCE in a bash example

A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided runid parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0...

9.1AI score0.85653EPSS
Exploits2References3
CVE
CVE
added 2022/11/14 12:0 a.m.129 views

CVE-2022-40127

Apache Airflow before 2.4.0 is vulnerable to remote code execution via the run_id parameter on UI-triggered DAGs. The issue affects the Example Dags component and is triggered by manipulating run_id to execute arbitrary commands. Public references describe RCE on Airflow

8.8CVSS8.8AI score0.85653EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder