CVE-2020-11978

Published: 17/07/2020 Updated: 19/09/2023
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 691
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability exists in one of the example DAGs shipped with Airflow, which allows any authenticated user to run arbitrary commands as the user running the airflow worker/scheduler (depending on the executor in use). If you already have the examples disabled by setting load_examples=False in the config, you are not vulnerable.

Vulnerable Product

apache airflow

Exploits

This Metasploit module exploits an unauthenticated command injection vulnerability by combining two critical vulnerabilities in Apache Airflow version 1.10.10. The first, CVE-2020-11978, is an authenticated command injection vulnerability found in one of Airflow's example DAGs, "example_trigger_target_dag", which allows any authenticated user to ru ...

Apache Airflow versions 1.10.10 and below suffer from a remote code execution vulnerability ...

This module exploits an unauthenticated command injection vulnerability by combining two critical vulnerabilities in Apache Airflow 1.10.10. The first, CVE-2020-11978, is an authenticated command injection vulnerability found in one of Airflow's example DAGs, "example_trigger_target_dag", which allows any aut ...

Metasploit Modules

Apache Airflow 1.10.10 - Example DAG Remote Code Execution

This module exploits an unauthenticated command injection vulnerability by combining two critical vulnerabilities in Apache Airflow 1.10.10. The first, CVE-2020-11978, is an authenticated command injection vulnerability found in one of Airflow's example DAGs, "example_trigger_target_dag", which allows any authenticated user to run arbitrary OS commands as the user running Airflow Worker/Scheduler. The second, CVE-2020-13927, is a default setting of Airflow 1.10.10 that allows unauthenticated access to Airflow's Experimental REST API to perform malicious actions such as creating the vulnerable DAG above. The two CVEs taken together allow vulnerable DAG creation and command injection, leading to unauthenticated remote code execution.

msf > use exploit/linux/http/apache_airflow_dag_rce
msf exploit(apache_airflow_dag_rce) > show targets
    ...targets...
msf exploit(apache_airflow_dag_rce) > set TARGET < target-id >
msf exploit(apache_airflow_dag_rce) > show options
    ...show and set options...
msf exploit(apache_airflow_dag_rce) > exploit

GitHub Repositories

FEP3370-HT22-50570-Advanced-Ethical-Hacking: In this work, we are going to see two different vulnerability exploitations in vulnerable versions of Apache Airflow. Apache Airflow is an open-source workflow management platform that performs distributed task scheduling, i.e., it is considered a platform to programmatically author, schedule, and monitor workflows. This project wa

PoC of how to exploit a RCE vulnerability of the example DAGs in Apache Airflow <1.10.11

CVE-2020-11978: Remote code execution in Apache Airflow's Example DAGs. Information. Description: This vulnerability allows RCE when Airflow's example DAGs are loaded, potentially unauthenticated with CVE-2020-13927. CVE Credit: xuxiang of DtDream security. Versions Affected: <1.10.11. Disclosure Link: lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04

An Ansible role that runs Vulhub environments on a Linux system.

Ansible Role: Vulhub. An Ansible role that runs Vulhub environments on a Linux system. Warning: This role will start multiple vulhub environments (if defined) without checking if they have overlapping port requirements. Requirements: None. Role Variables: Available variables are listed below, along with default values (see defaults/main.yml): vulhub_install_path: /opt/vulhub vulhub

An Ansible role that runs Vulhub environments on a Linux system.

Ansible Role: Vulhub. An Ansible role that runs Vulhub environments on a Linux system. Warning: This role will start multiple vulhub environments (if defined) without checking if they have overlapping port requirements. Requirements: None. Role Variables: Available variables are listed below, along with default values (see defaults/main.yml): vulhub_git_url: github.com/vulh