Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache airflow vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-38540
The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote ...
Apache Airflow
1 Github repository
6.5
CVSSv3
CVE-2022-46651
Apache Airflow, versions prior to 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifical...
Apache Airflow
6.1
CVSSv3
CVE-2020-13944
In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.
Apache Airflow
4.3
CVSSv3
CVE-2023-40611
Apache Airflow, versions prior to 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users ...
Apache Airflow
6.1
CVSSv3
CVE-2021-45229
It exists that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below.
Apache Airflow
9.8
CVSSv3
CVE-2020-13927
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at...
Apache Airflow
1 Metasploit module
1 Github repository
8.8
CVSSv3
CVE-2022-24288
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI.
Apache Airflow
6.1
CVSSv3
CVE-2022-43982
In Apache Airflow versions before 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument.
Apache Airflow
6.1
CVSSv3
CVE-2022-43985
In Apache Airflow versions before 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint.
Apache Airflow
4.3
CVSSv3
CVE-2023-45348
Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "expose_config" option is set to "non-sensitive-only". The `expose_config` option is False by d...
Apache Airflow
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-6267
XML injection
CVE-2024-37673
CVE-2024-6266
CVE-2024-30078
arbitrary
CVE-2024-36886
CVE-2024-5346
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »