Apache: >> Airflow >> 2.3.3 Security Vulnerabilities
Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-05-08
Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0.
CVSS Score
5.4
EPSS Score
0.003
Published
2023-05-08
Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2.
CVSS Score
5.3
EPSS Score
0.003
Published
2023-03-15
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.
CVSS Score
9.8
EPSS Score
0.639
Published
2023-01-21
In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint.
CVSS Score
6.1
EPSS Score
0.084
Published
2022-11-15
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.
CVSS Score
8.8
EPSS Score
0.938
Published
2022-11-14
In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument.
CVSS Score
6.1
EPSS Score
0.008
Published
2022-11-02
In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint.
CVSS Score
6.1
EPSS Score
0.004
Published
2022-11-02
In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.
CVSS Score
8.1
EPSS Score
0.002
Published
2022-10-07
In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-09-21