41 matches found
Apache Airflow security vulnerabilities
Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. Versions of Apache Airflow prior to 3.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the use of...
Symfony has Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener
Description: Symfony\Bridge\Monolog\Command\ServerLogCommand (the server:log console command) is a development-time helper that opens a TCP listener and displays log records pushed to it by the application's logging pipeline. Two unsafe defaults combine into a remotely reachable PHP...
EUVD-2008-0618
Malware in sbrugna...
EUVD-2021-0013
Malware in sbrugna...
EUVD-2007-3807
Malware in sbrugna...
EUVD-2003-0335
Malware in sbrugna...
CVE-2021-35936
If remote logging is not used, the worker in the case of CeleryExecutor or the scheduler in the case of LocalExecutor runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG...
Komtera KLog Server Path Traversal Vulnerability
Komtera KLog Server is a logging solution from Komtera. A path traversal vulnerability exists in Komtera KLog Server versions prior to 3.1.1, which stems from improperly restricting directory pathnames when processing web input to file system calls...
CVE-2024-6793
A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that may result in remote code execution. Successful exploitation requires an attacker to send a specially crafted message. These vulnerabilities affect NI VeriStand 2024 Q2 and prior versions...
BIT-AIRFLOW-2021-35936 No Authentication on Logging Server
If remote logging is not used, the worker in the case of CeleryExecutor or the scheduler in the case of LocalExecutor runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG...
GSD-2022-1004952 Logging of sensitive information in Wallet version Current version and possibly previous versions
In Slope Wallet, the current version and possibly previous versions, logging of sensitive information, including seed phrases, exists in the wallet software. This can be attacked via access to the logging data which is reportedly sent in clear text across the Internet and the logging server...
tlog bug fix and enhancement update
An update is available for tlog. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Tlog is a terminal I/O recording program similar to "script", but used in place ...
tlog bug fix and enhancement update
Tlog is a terminal I/O recording program similar to "script", but used in place of a user's shell, starting the recording and executing the real user's shell afterwards. The recorded I/O can then be forwarded to a logging server in JSON format. Bug Fixes and Enhancements: tlog causing SSH to not...
ALBA-2022:2139 tlog bug fix and enhancement update
Tlog is a terminal I/O recording program similar to "script", but used in place of a user's shell, starting the recording and executing the real user's shell afterwards. The recorded I/O can then be forwarded to a logging server in JSON format. Bug Fixes and Enhancements: tlog causing SSH to not...
GHSA-M6H2-JX9V-58W6 Missing Authorization in Apache Airflow
If remote logging is not used, the worker in the case of CeleryExecutor or the scheduler in the case of LocalExecutor runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG...
Missing Authorization in Apache Airflow
If remote logging is not used, the worker in the case of CeleryExecutor or the scheduler in the case of LocalExecutor runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG...
Information Disclosure
apache-airflow is vulnerable to information disclosure. The logging server running on port 0.0.0.0 by default has no authentication and allows reading log files of DAG jobs...
CVE-2021-35936 No Authentication on Logging Server
If remote logging is not used, the worker in the case of CeleryExecutor or the scheduler in the case of LocalExecutor runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG...
PT-2021-21067 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.1.2 Description: The issue affects the logging server in Apache Airflow, which has no authentication and allows reading log files of DAG jobs when remote logging is not used. This could potentially expose...
CVE-2019-12324
A command injection (missing input validation) issue in the IP address field for the logging server in the configuration web interface on the Akuvox R50P VoIP phone with firmware 50.0.6.156 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters i...