Published: 30/10/2019 Updated: 01/11/2019
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 4.8 | Impact Score: 2.7 | Exploitability Score: 1.7
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. This also presented a Local File Disclosure vulnerability, exposing any file readable by the webserver process.

Vulnerable Product

apache airflow

GitHub Repositories

Security bulletins

Date | ID | Subject | Affected versions
2021 January 19 | WDC-21001 | Reflected XSS in WD My Cloud, My Cloud Home and SanDisk ibi | <,4130)
2020 February 21 | WDC-20003, CVE-2020-8960 | Reflected DOM-based XSS | <,220-134)
2019 November 30 | CVE-2019-12417 | Apache Airflow XSS and Local File Read | <,1105>
2016 March 29 Ninja forms arb