apache-airflow

vulnerable: 1.8.1, 1.8.2, 1.8.2rc1

It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this…

vulnerable: 1.8.1, 1.8.2, 1.8.2rc1

In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object.

vulnerable: 1.8.1, 1.8.2, 1.8.2rc1

In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.

vulnerable: 1.8.1, 1.8.2, 1.8.2rc1

In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, whether it be via XSS or by leaving a m…

vulnerable: 1.10.0 ... 1.9.0 (12 versions)

In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.

vulnerable: 1.10.0 ... 1.9.0 (7 versions)

The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking.

vulnerable: 1.10.0 ... 1.9.0 (13 versions)

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.

vulnerable: 1.10.0 ... 1.9.0 (13 versions)

A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks.

vulnerable: 1.8.1 ... 1.10.5rc1 (26 versions)

In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffec…

vulnerable: 1.10.0 ... 1.9.0 (27 versions)

A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver …

vulnerable: 1.8.1 ... 1.10.10 (44 versions)

An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary command…

vulnerable: 1.8.1 ... 1.10.10 (44 versions)

An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbi…

vulnerable: 1.8.1 ... 1.10.10 (44 versions)

An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could…

vulnerable: 1.8.1 ... 1.10.10 (44 versions)

An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to crea…

vulnerable: 1.8.1 ... 1.10.11rc2 (46 versions)

The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requ…

vulnerable: 1.8.1 ... 1.10.12rc4 (51 versions)

In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.

vulnerable: 1.10.0 ... 1.9.0 (53 versions)

In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field.

vulnerable: 1.8.1 ... 1.10.13rc1 (53 versions)

In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack.

vulnerable: 1.8.1 ... 1.10.13rc1 (53 versions)

The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 di…

vulnerable: 1.8.1 ... 1.10.14rc4 (58 versions)

Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the ses…

vulnerable: 1.8.1 ... 1.10.10 (44 versions)

An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the "classic" UI.

vulnerable: 1.8.1 ... 2.0.1rc2 (70 versions)

Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `Fa…

vulnerable: 1.8.1 ... 2.0.1rc2 (70 versions)

The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain …

vulnerable: 1.8.1 ... 2.0.2rc1 (65 versions)

The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-202…

vulnerable: 1.10.0 ... 2.1.2rc1 (79 versions)

If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging se…

vulnerable: 2.0.0 ... 2.1.3rc1 (14 versions)

The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service…

vulnerable: 1.10.0 ... 2.2.3rc2 (98 versions)

It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below.

vulnerable: 1.10.0 ... 2.2.0rc1 (78 versions)

In Apache Airflow prior to 2.2.0. This CVE applies to a specific case where a User who has "can_create" permissions on DAG Runs can create Dag Runs for dags that they don't have "edit" permissions for.

vulnerable: 1.10.0 ... 2.2.4rc1 (99 versions)

In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI.

vulnerable: 1.10.0 ... 2.3.1rc1 (109 versions)

A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). Thi…

vulnerable: 2.2.4 ... 2.3.3rc3 (18 versions)

In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation.

vulnerable: 1.10.0 ... 2.3.4rc1 (118 versions)

In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and a…

vulnerable: 1.10.0 ... 2.3.0rc2 (107 versions)

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, withou…

vulnerable: 1.10.0 ... 2.4.0rc1 (121 versions)

A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior…

vulnerable: 1.10.0 ... 2.3.0rc2 (107 versions)

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without …

vulnerable: 2.3.0 ... 2.3.4rc1 (12 versions)

In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.

vulnerable: 2.3.0 ... 2.3.4rc1 (12 versions)

In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.

vulnerable: 1.10.0 ... 2.3.0rc2 (107 versions)

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without writ…

vulnerable: 1.10.0 ... 2.4.1rc1 (124 versions)

In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.

vulnerable: 1.10.0 ... 2.4.2rc1 (125 versions)

In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument.

vulnerable: 1.10.0 ... 2.4.2rc1 (125 versions)

In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint.

vulnerable: 1.10.0 ... 2.4.3rc1 (127 versions)

In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint.

vulnerable: 1.10.0 ... 2.6.3rc1 (156 versions)

Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with ac…

vulnerable: 1.10.0 ... 2.5.1rc2 (134 versions)

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: bef…

vulnerable: 1.10.0 ... 2.6.3rc1 (156 versions)

Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is consider…

vulnerable: 1.10.0 ... 2.6.3rc1 (156 versions)

Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user …

vulnerable: 1.10.0 ... 3.1.1rc2 (258 versions)

Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1.

vulnerable: 1.10.0 ... 2.5.2rc2 (137 versions)

Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2.

vulnerable: 1.10.0 ... 2.6.0rc5 (147 versions)

Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0.

vulnerable: 1.10.0 ... 2.3.2rc2 (112 versions)

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2.