Vulmon
airflow vulnerabilities and exploits
7.5
CVSSv3
CVE-2022-40604
In Apache Airflow 2.3.0 up to and including 2.3.4, part of a URL was unnecessarily formatted, allowing for possible information extraction.
Apache Airflow
6.1
CVSSv3
CVE-2022-45402
In Apache Airflow versions before 2.4.3, there was an open redirect in the webserver's `/login` endpoint.
Apache Airflow
8.8
CVSSv3
CVE-2017-17835
In Apache Airflow 1.8.2 and previous versions, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.
Apache Airflow
4.8
CVSSv3
CVE-2019-12417
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process.
Apache Airflow
1 Github repository
4.7
CVSSv3
CVE-2022-38170
In Apache Airflow before 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary fil...
Apache Airflow
6.1
CVSSv3
CVE-2020-17515
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to an XSS exploit. This issue affects Apache Airflow versions before 1.10.13. This is the same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue com...
Apache Airflow
6.1
CVSSv3
CVE-2021-45229
The "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below.
Apache Airflow
6.5
CVSSv3
CVE-2021-45230
This CVE applies to Apache Airflow before 2.2.0, in a specific case where a user who has "can_create" permissions on DAG Runs can create DAG Runs for DAGs that they don't have "edit" permissions for.
Apache Airflow
5.4
CVSSv3
CVE-2023-47265
Apache Airflow versions 2.6.0 up to and including 2.7.3 have a stored XSS vulnerability that allows a DAG author to add unbounded and unsanitized JavaScript in the parameter description field of the DAG. This JavaScript can be executed on the client side of any of the user w...
Apache Airflow
8.8
CVSSv3
CVE-2022-40127
A vulnerability in the Example DAGs of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions before 2.4.0.
Apache Airflow
3 Github repositories