Airflow Security Vulnerabilities and Issues — Airflow CVE List

Lucene search

ApacheAirflow

4 matches found

CVE•added 2022/09/02 7:15 a.m.•92 views

CVE-2022-38170

In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the --daemon flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the ...

4.7CVSS4.6AI score0.00107EPSS

CVE•added 2022/09/02 7:15 a.m.•88 views

CVE-2022-38054

In Apache Airflow versions 2.2.4 through 2.3.3, the database webserver session backend was susceptible to session fixation.

9.8CVSS9.4AI score0.00203EPSS

CVE•added 2022/09/21 8:15 a.m.•69 views

CVE-2022-40604

In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.

7.5CVSS7.4AI score0.00217EPSS

CVE•added 2022/09/21 8:15 a.m.•64 views

CVE-2022-40754

In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's /confirm endpoint.

6.1CVSS6.1AI score0.01767EPSS