Lucene search
ApacheVULNRICHMENT:CVE-2024-45034HistorySep 07, 2024 - 7:45 a.m.
CVE-2024-45034 Apache Airflow: Authenticated DAG authors could execute code on scheduler nodes
2024-09-0707:45:27
CWE-250
apache
github.com
2
apache airflow
vulnerability
code execution
scheduler nodes
upgrade
Apache Airflow versions before 2.10.1 have a vulnerability that allowsΒ DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author.
Users are advised to upgrade to version 2.10.1 or later, which has fixed the vulnerability.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:apache:airflow:-:*:*:*:*:*:*:*"
],
"vendor": "apache",
"product": "airflow",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "2.10.1",
"versionType": "semver"
}
],
"defaultStatus": "unknown"
}
]Related
osv
osv
Apache Airflow vulnerable to Execution with Unnecessary Privileges
2024-09-07 09:30:31
BIT-airflow-2024-45034
2024-09-10 07:04:17
CVE-2024-45034
2024-09-07 08:15:11
cvelist
cvelist
github
github
Apache Airflow vulnerable to Execution with Unnecessary Privileges
2024-09-07 09:30:31
wolfi
wolfi
CVE-2024-45034 vulnerabilities
2024-09-19 21:18:36
nvd
nvd
CVE-2024-45034
2024-09-07 08:15:11
cve
cve
CVE-2024-45034
2024-09-07 08:15:11
AI Score
7.2
Confidence
High
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
Related for VULNRICHMENT:CVE-2024-45034