Vulmon
apache airflow vulnerabilities and exploits
6.5
CVSSv3
CVE-2023-50783
Apache Airflow, versions prior to 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification....
Apache Airflow
6.5
CVSSv3
CVE-2023-50944
Apache Airflow, versions prior to 2.8.1, has a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommend...
Apache Airflow
8.1
CVSSv3
CVE-2022-41672
In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.
Apache Airflow
6.1
CVSSv3
CVE-2022-40754
In Apache Airflow 2.3.0 up to and including 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.
Apache Airflow
6.5
CVSSv3
CVE-2023-42663
Apache Airflow, versions prior to 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the ...
Apache Airflow
6.5
CVSSv3
CVE-2023-22887
Apache Airflow, versions prior to 2.6.3, is affected by a vulnerability that allows a malicious user to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authe...
Apache Airflow
6.5
CVSSv3
CVE-2023-22888
Apache Airflow, versions prior to 2.6.3, is affected by a vulnerability that allows a malicious user to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended ...
Apache Airflow
6.1
CVSSv3
CVE-2022-43982
In Apache Airflow versions before 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument.
Apache Airflow
6.1
CVSSv3
CVE-2022-43985
In Apache Airflow versions before 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint.
Apache Airflow
6.5
CVSSv3
CVE-2023-49920
Apache Airflow, version 2.7.0 up to and including 2.7.3, has a vulnerability that allows a malicious user to trigger a DAG in a GET request without CSRF validation. As a result, it was possible for a malicious website opened in the same browser - by the user who also had Airflow...
Apache Airflow