Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
airflow vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-29247
Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: prior to 2.6.0.
Apache Airflow
8.8
CVSSv3
CVE-2023-39508
Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to...
Apache Airflow
4.3
CVSSv3
CVE-2023-46288
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST AP...
Apache Airflow
8.8
CVSSv3
CVE-2017-17835
In Apache Airflow 1.8.2 and previous versions, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.
Apache Airflow
6.5
CVSSv3
CVE-2020-17511
In Airflow versions before 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field.
Apache Airflow
5.3
CVSSv3
CVE-2020-17513
In Apache Airflow versions before 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack.
Apache Airflow
6.1
CVSSv3
CVE-2020-17515
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions before 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue com...
Apache Airflow
7.7
CVSSv3
CVE-2020-17526
Incorrect Session Validation in Apache Airflow Webserver versions before 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect user...
Apache Airflow
6.1
CVSSv3
CVE-2022-45402
In Apache Airflow versions before 2.4.3, there was an open redirect in the webserver's `/login` endpoint.
Apache Airflow
6.5
CVSSv3
CVE-2023-50783
Apache Airflow, versions prior to 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification....
Apache Airflow
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2024-5274
CVE-2020-17519
CVE-2024-35340
CVE-2021-47558
local
XML injection
CVE-2021-47519
CVE-2021-47543
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »