28 matches found
CVE-2026-40861
A Dag author could either (a) create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process (read-path attack — e.g. /etc/passwd or airflow.cfg) or (b) supply a task_id containing .. sequences accepted by the Task SDK's KEY_REGEX (write-path attack), and...
CVE-2026-41018
CVE-2026-41018 affects the Elasticsearch task-log handler in the Apache Airflow provider for Elasticsearch. When the Elasticsearch host URL includes embedded credentials (for example https://user:password@server:9200), the provider logs the full host URL, including the credentials, into ta...
CVE-2026-43826
CVE-2026-43826 affects the OpenSearch logging provider used with Apache Airflow providers-opensearch. When the host URL includes embedded credentials (for example https://user:password@server:9200), the provider writes the full host URL, including credentials, to task logs. This allows any us...
PT-2026-7102
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions 3.1.0 through 3.1.6 Description: An authorization flaw exists in Apache Airflow that could allow an authenticated user with limited task permissions to view task logs without proper authorization. The issue affects syste...
EUVD-2024-47955
Malicious code in bioql PyPI...
EUVD-2022-6550
Malicious code in bioql PyPI...
CVE-2024-6972
In affected versions of Octopus Server under certain circumstances it is possible for sensitive variables to be printed in the task log in clear-text...
CVE-2022-40365
Cross-site scripting (XSS) vulnerability in ouqiang gocron through 1.5.3 allows attackers to execute arbitrary code via scope.row.hostname in web/vue/src/pages/taskLog/list.vue...
CVE-2020-14320
In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk...
CVE-2024-6972
CVE-2024-6972 affects Octopus Server. Under certain circumstances, sensitive variables can be printed in clear-text in task logs. The CVSS v3.1 base score is 6.5 (MEDIUM) with high impact on confidentiality; exploitation requires no user interaction but does not require network access (attack vec...
PT-2024-38011 · Unknown · Octopus Server
Name of the Vulnerable Software and Affected Versions: Octopus Server (affected versions not specified) Description: The issue allows sensitive variables to be printed in the task log in clear-text under certain circumstances. Recommendations: At the moment, there is no information about a newer...
BIT-MOODLE-2020-14320
In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk...
PT-2022-25364 · Gocron · Gocron
Name of the Vulnerable Software and Affected Versions: gocron versions through 1.5.3 Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary code via the hostname in the scope.row object, specifically in the web/vue/src/pages/taskLog/list.vue file. Recommendations: For...
gocron cross-site scripting vulnerability
gocron is a timed task management system developed by qiang.ou, an individual developer from China. A security vulnerability exists in gocron versions prior to 1.5.3; it stems from scope.row.hostname in its web/vue/src/pages/taskLog/list.vue component, which allows attackers to execute arbitrary code via...
GHSA-FCPW-VQH5-6QWJ Moodle reflected XSS Vulnerability
In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk...