Airflow Security Vulnerabilities and Issues — Airflow CVE List

Lucene search

ApacheAirflow

4 matches found

CVE•added 2019/01/23 5:29 p.m.•69 views

CVE-2017-15720

In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object.

8.8CVSS8.6AI score0.00364EPSS

CVE•added 2019/01/23 5:29 p.m.•65 views

CVE-2017-17835

In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.

8.8CVSS8.9AI score0.00243EPSS

CVE•added 2019/01/23 5:29 p.m.•65 views

CVE-2017-17836

In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, whether it be via XSS or by leaving a machine unlocked can exfiltrate all credentials from the syst...

9.8CVSS9AI score0.00578EPSS

CVE•added 2019/01/23 5:29 p.m.•62 views

CVE-2018-20245

The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking.

7.5CVSS7.4AI score0.00359EPSS