4 matches found
CVE-2023-25692
The CVE-2023-25692 issue affects the Apache Airflow Google Provider up to version 8.10.0 (pre-8.10.0). The connected sources describe an Improper Input Validation vulnerability in this provider, with the impact noted as Denial of Service and, per a HackerOne report, potential for Remote Command E...
CVE-2023-25691
CVE-2023-25691 affects Apache Airflow Google Provider versions before 8.10.0 due to Improper Input Validation in the Google Provider. The issue (root cause: input validation error) is assessed with a CRITICAL impact (CVSS 9.8) affecting confidentiality, integrity, and availability. Exploitation d...
CVE-2026-45361
CVE-2026-45361 affects the Apache Airflow Google provider: ComputeEngineSSHHook disables SSH host-key verification by default, allowing an attacker on-path to intercept or modify SSH sessions between an Airflow worker and a Compute Engine VM. The vulnerability is tied to the ComputeEngineSSHHook ...
CVE-2026-49297
Apache Airflow Google provider contains a path traversal flaw in GCSToSFTPOperator and GCSTimeSpanFileTransformOperator: GCS object names from bucket listings are joined to a destination path without normalisation or containment checks. A user with write access to a source GCS bucket could create...