CVE Vulnerability


airflow

CVE-2022-43982

February 23, 2023 by godfreyd94

In Apache Airflow versions prior to 2.4.2, the “Trigger DAG with config” screen was susceptible to XSS attacks via the `origin` query argument.

CVE-2022-43985

February 23, 2023 by godfreyd94

In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver’s `/confirm` endpoint.

CVE-2022-41672

February 23, 2023 by godfreyd94

In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn’t prevent an already authenticated user from being able to continue using the UI or API.

CVE-2022-40754

February 23, 2023 by godfreyd94

In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver’s `/confirm` endpoint.

CVE-2022-40604

February 23, 2023 by godfreyd94

In Apache Airflow 2.3.0 through 2.3.4, part of a URL was unnecessarily formatted, allowing for possible information extraction.

CVE-2022-40127

February 23, 2023 by godfreyd94

A vulnerability in the example DAGs of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided `run_id` parameter. This issue affects Apache Airflow versions prior to 2.4.0.


Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE