Vulmon
apache airflow vulnerabilities and exploits
6.1
CVSSv3
CVE-2022-43985
In Apache Airflow versions before 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint.
Apache Airflow
6.5
CVSSv3
CVE-2023-36543
Apache Airflow, versions prior to 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected.
Apache Airflow
8.8
CVSSv3
CVE-2023-39508
Execution with Unnecessary Privileges, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows to...
Apache Airflow
6.1
CVSSv3
CVE-2021-28359
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-...
Apache Airflow
5.4
CVSSv3
CVE-2023-47265
Apache Airflow, versions 2.6.0 up to and including 2.7.3 has a stored XSS vulnerability that allows a DAG author to add an unbounded and not-sanitized javascript in the parameter description field of the DAG. This Javascript can be executed on the client side of any of the user w...
Apache Airflow
7.5
CVSSv3
CVE-2023-50943
Apache Airflow, versions prior to 2.8.1, have a vulnerability that allows a potential malicious user to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vul...
Apache Airflow
6.5
CVSSv3
CVE-2023-50944
Apache Airflow, versions prior to 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommend...
Apache Airflow
8.8
CVSSv3
CVE-2022-40127
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions before 2.4.0.
Apache Airflow
3 Github repositories
9.8
CVSSv3
CVE-2020-13927
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at...
Apache Airflow
1 Metasploit module
1 Github repository
5.5
CVSSv3
CVE-2018-20244
In Apache Airflow prior to 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.
Apache Airflow