CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

30 matches found

CVE•added 2024/05/14 10:43 a.m.•77 views

CVE-2024-32077

CVE-2024-32077 concerns Apache Airflow 2.9.0 with a cross-site scripting (XSS) vulnerability in Task Instance Log/Log Details. An authenticated attacker can inject malicious data into task instance logs due to insufficient input handling, leading to XSS when logs are viewed. The affected product ...

5.4CVSS5.2AI score0.01559EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2024/05/14 12:0 a.m.•4 views

PT-2024-24381 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow version 2.9.0 Description: The issue allows an authenticated attacker to inject malicious data into the task instance logs. This is a critical security vulnerability that enables attackers to inject data into the task instance...

5.4CVSS7.1AI score0.01559EPSS

Exploits0References11

OSV•added 2024/03/06 10:54 a.m.•19 views

BIT-AIRFLOW-2023-29247 Stored XSS on Apache Airflow

Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0...

5.4CVSS5.2AI score0.01911EPSS

Exploits0References4

OSV•added 2023/11/12 3:30 p.m.•3 views

GHSA-R7X6-XFCM-3MXV Apache Airflow vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are...

7.1CVSS6.6AI score0.01657EPSS

Exploits0References7