Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
airflow vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-13944
In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.
Apache Airflow
8.8
CVSSv3
CVE-2023-39508
Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to...
Apache Airflow
6.1
CVSSv3
CVE-2021-45229
It exists that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below.
Apache Airflow
4.7
CVSSv3
CVE-2022-38170
In Apache Airflow before 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary fil...
Apache Airflow
4.3
CVSSv3
CVE-2023-45348
Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "expose_config" option is set to "non-sensitive-only". The `expose_config` option is False by d...
Apache Airflow
8.8
CVSSv3
CVE-2019-0229
A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks.
Apache Airflow
8.8
CVSSv3
CVE-2022-40127
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions before 2.4.0.
Apache Airflow
3 Github repositories
5.3
CVSSv3
CVE-2023-25695
Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: prior to 2.5.2.
Apache Airflow
9.8
CVSSv3
CVE-2023-25754
Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: prior to 2.6.0.
Apache Airflow
5.4
CVSSv3
CVE-2023-29247
Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: prior to 2.6.0.
Apache Airflow
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »