Lucene search
K

63 matches found

PyPA
PyPA
added 2020/01/14 5:15 p.m.6 views

PYSEC-2020-162

In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected...

4.8CVSS7.3AI score0.01871EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2020/01/14 5:15 p.m.22 views

PYSEC-2020-162

In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected...

4.8CVSS2.8AI score0.01871EPSS
Exploits0References4
OSV
OSV
added 2020/01/14 5:15 p.m.12 views

PYSEC-2020-181

In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected...

2.8AI score
Exploits0References3
Cvelist
Cvelist
added 2020/01/14 4:28 p.m.23 views

CVE-2019-12398

In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected...

5.5AI score0.01871EPSS
Exploits0References3
OSV
OSV
added 2019/11/22 1:45 p.m.21 views

GHSA-Q3P4-GW7R-WQJC Apache Airflow vulnerable to XSS and local file disclosure

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...

4.8CVSS5.4AI score0.01345EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2019/11/22 1:45 p.m.92 views

Apache Airflow vulnerable to XSS and local file disclosure

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...

4.8CVSS5.9AI score0.01345EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2019/10/31 2:21 a.m.21 views

Cross-Site Scripting (XSS)

apache-airflow is vulnerable to cross-site scripting XSS. An administrative user is able to edit the state of objects in the metadata database to contain malicious Javascript, which will execute in a victim's browser when rendered. This vulnerability also allows reading of arbirary files permitte...

4.8CVSS2.5AI score0.01345EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2019/10/30 10:15 p.m.26 views

CVE-2019-12417

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...

4.8CVSS5.5AI score0.01345EPSS
Exploits0References1
Prion
Prion
added 2019/10/30 10:15 p.m.23 views

Arbitrary file deletion

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...

3.5CVSS5.4AI score0.01345EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2019/10/30 10:15 p.m.34 views

PYSEC-2019-216

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...

4.8CVSS2.3AI score0.01345EPSS
Exploits0References2
OSV
OSV
added 2019/04/12 8:42 p.m.2 views

GHSA-8P7V-2JVJ-V54R Apache Airflow vulnerable to Stored XSS

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...

5.3CVSS6.5AI score0.02767EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2019/04/12 8:42 p.m.45 views

Apache Airflow vulnerable to Stored XSS

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...

4.8CVSS6AI score0.02767EPSS
Exploits0References8Affected Software1
PyPA
PyPA
added 2019/04/10 8:29 p.m.11 views

PYSEC-2019-214

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...

4.8CVSS7.4AI score0.02767EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2019/03/06 5:35 p.m.4 views

GHSA-99CV-8CVV-666C Apache Airflow vulnerable to Stored XSS

In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...

5.5CVSS6.3AI score0.01956EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2019/03/06 5:35 p.m.29 views

Apache Airflow vulnerable to Stored XSS

In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...

5.5CVSS6AI score0.01956EPSS
Exploits0References8Affected Software1
Veracode
Veracode
added 2019/02/28 1:32 a.m.19 views

Cross-Site Scripting (XSS)

apache-airflow is vulnerable to cross-site scripting XSS. An admin user is able to inject arbitrary Javascript into a victim's browser through the modification of state of objects in the metadata database, which would execute on certain page views...

5.5CVSS5.4AI score0.01956EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2019/02/27 6:29 p.m.20 views

CVE-2018-20244

In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...

5.5CVSS5.9AI score0.01956EPSS
Exploits0References3
OSV
OSV
added 2019/02/27 6:29 p.m.3 views

PYSEC-2019-142

In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...

5.5CVSS6.1AI score0.01956EPSS
Exploits0References4
OSV
OSV
added 2019/02/27 6:29 p.m.8 views

CVE-2018-20244

In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...

5.5CVSS5.8AI score
Exploits0References3
OSV
OSV
added 2018/06/10 11:29 p.m.15 views

CVE-2018-12088

S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacker who controls the backend can present old versions of the filesystem metadata database as up-to-date, temporarily inject zero-valued bytes into files, or temporarily hide parts of files. This is...

7.5CVSS7.7AI score
Exploits0References3
Rows per page
Query Builder