Airflow@1.8.2 Security Vulnerabilities and Issues — Airflow@1.8.2 CVE List

Lucene search

ApacheAirflow1.8.2

3 matches found

CVE•added 2019/01/23 5:29 p.m.•70 views

CVE-2017-15720

In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object.

8.8CVSS8.6AI score0.00364EPSS

CVE•added 2019/01/23 5:29 p.m.•67 views

CVE-2017-17836

In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, whether it be via XSS or by leaving a machine unlocked can exfiltrate all credentials from the syst...

9.8CVSS9AI score0.00578EPSS

CVE•added 2019/01/23 5:29 p.m.•66 views

CVE-2017-17835

In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.

8.8CVSS8.9AI score0.00243EPSS