CVE-2022-40127

Published: 14/11/2022 Updated: 16/11/2022
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions before 2.4.0.

Vulnerable Product

apache airflow

Github Repositories

CVE-2022-40127 PoC and exploit

Apache Airflow < 2.4.0 RCE (CVE-2022-40127). PoC for CVE-2022-40127 that is an Apache Airflow RCE vulnerability affecting versions prior to 2.4.0. The official report description says: A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue a

Apache Airflow < 2.4.0 DAG example_bash_operator RCE POC

CVE-2022-40127 Apache Airflow < 2.4.0 DAG example_bash_operator RCE poc

docker env:

    mkdir CVE-2022-40127 && cd CVE-2022-40127
    curl -LfO 'airflow.apache.org/docs/apache-airflow/2.3.4/docker-compose.yaml' #or wget github.com/Mr-xn/CVE-2022-40127/raw/main/docker-compose.yaml
    mkdir -p ./dags ./logs ./plugins
    echo -e "AIRFLOW_U