Vulnerability Details CVE-2022-38362
Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.5%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2022-38362
-
cpe:2.3:a:apache:apache-airflow-providers-docker:1.0.0
-
cpe:2.3:a:apache:apache-airflow-providers-docker:1.0.1
-
cpe:2.3:a:apache:apache-airflow-providers-docker:1.0.2
-
cpe:2.3:a:apache:apache-airflow-providers-docker:1.1.0
-
cpe:2.3:a:apache:apache-airflow-providers-docker:1.2.0
-
cpe:2.3:a:apache:apache-airflow-providers-docker:2.0.0
-
cpe:2.3:a:apache:apache-airflow-providers-docker:2.1.0
-
cpe:2.3:a:apache:apache-airflow-providers-docker:2.1.1
-
cpe:2.3:a:apache:apache-airflow-providers-docker:2.2.0
-
cpe:2.3:a:apache:apache-airflow-providers-docker:2.3.0
-
cpe:2.3:a:apache:apache-airflow-providers-docker:2.4.0
-
cpe:2.3:a:apache:apache-airflow-providers-docker:2.4.1
-
cpe:2.3:a:apache:apache-airflow-providers-docker:2.5.0
-
cpe:2.3:a:apache:apache-airflow-providers-docker:2.5.1
-
cpe:2.3:a:apache:apache-airflow-providers-docker:2.5.2
-
cpe:2.3:a:apache:apache-airflow-providers-docker:2.6.0
-
cpe:2.3:a:apache:apache-airflow-providers-docker:2.7.0