Vulnerability Details CVE-2022-38362
Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.0%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2022-38362
-
cpe:2.3:a:apache:apache-airflow-providers-docker:1.0.0
-
cpe:2.3:a:apache:apache-airflow-providers-docker:1.0.1
-
cpe:2.3:a:apache:apache-airflow-providers-docker:1.0.2
-
cpe:2.3:a:apache:apache-airflow-providers-docker:1.1.0
-
cpe:2.3:a:apache:apache-airflow-providers-docker:1.2.0
-
cpe:2.3:a:apache:apache-airflow-providers-docker:2.0.0
-
cpe:2.3:a:apache:apache-airflow-providers-docker:2.1.0
-
cpe:2.3:a:apache:apache-airflow-providers-docker:2.1.1
-
cpe:2.3:a:apache:apache-airflow-providers-docker:2.2.0
-
cpe:2.3:a:apache:apache-airflow-providers-docker:2.3.0
-
cpe:2.3:a:apache:apache-airflow-providers-docker:2.4.0
-
cpe:2.3:a:apache:apache-airflow-providers-docker:2.4.1
-
cpe:2.3:a:apache:apache-airflow-providers-docker:2.5.0
-
cpe:2.3:a:apache:apache-airflow-providers-docker:2.5.1
-
cpe:2.3:a:apache:apache-airflow-providers-docker:2.5.2
-
cpe:2.3:a:apache:apache-airflow-providers-docker:2.6.0
-
cpe:2.3:a:apache:apache-airflow-providers-docker:2.7.0