CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39877 – Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler
https://notcve.org/view.php?id=CVE-2024-39877
Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users should upgrade to version 2.9.3 or later which has removed the vulnerability. Apache Airflow 2.4.0 y versiones anteriores a 2.9.3 tienen una vulnerabilidad que permite a los autores de DAG autenticados crear un parámetro doc_md de manera que pueda ejecutar código arbitrario en el contexto del programador, lo que debería estar prohibido según el modelo de seguridad de Airflow. Los usuarios deben actualizar a la versión 2.9.3 o posterior, que eliminó la vulnerabilidad. • https://github.com/apache/airflow/pull/40522 https://lists.apache.org/thread/1xhj9dkp37d6pzn24ll2mf94wbqnb2y1 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-277: Insecure Inherited Permissions •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39863 – Apache Airflow: Potential XSS Vulnerability
https://notcve.org/view.php?id=CVE-2024-39863
Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue. Las versiones de Apache Airflow anteriores a la 2.9.3 tienen una vulnerabilidad que permite a un atacante autenticado inyectar un enlace malicioso al instalar un proveedor. Se recomienda a los usuarios actualizar a la versión 2.9.3, que soluciona este problema. • https://github.com/apache/airflow/pull/40475 https://lists.apache.org/thread/gxkvs279f1mbvckv5q65worr6how20o3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50944 – Apache Airflow: Bypass permission verification to read code of other dags
https://notcve.org/view.php?id=CVE-2023-50944
Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. Apache Airflow, versiones anteriores a la 2.8.1, tienen una vulnerabilidad que permite a un usuario autenticado acceder al código fuente de un DAG al que no tiene acceso. Esta vulnerabilidad se considera baja ya que requiere un usuario autenticado para explotarla. • http://www.openwall.com/lists/oss-security/2024/01/24/5 https://github.com/apache/airflow/pull/36257 https://lists.apache.org/thread/92krb5mpcq8qrw4t4j5oooqw7hgd8q7h • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50943 – Apache Airflow: Potential pickle deserialization vulnerability in XComs
https://notcve.org/view.php?id=CVE-2023-50943
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. Apache Airflow, versiones anteriores a 2.8.1, tienen una vulnerabilidad que permite a un atacante potencial envenenar los datos de XCom al evadir la protección de la configuración "enable_xcom_pickling=False", lo que genera datos envenenados después de la deserialización de XCom. Esta vulnerabilidad se considera baja ya que requiere un autor de DAG para explotarla. • http://www.openwall.com/lists/oss-security/2024/01/24/4 https://github.com/apache/airflow/pull/36255 https://lists.apache.org/thread/fx278v0twqzxkcts70tc04cp3f8p56pn • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-51702 – Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service
https://notcve.org/view.php?id=CVE-2023-51702
Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker serializes this configuration file as a dictionary and sends it to the triggerer by storing it in metadata without any encryption. Additionally, if used with an Airflow version between 2.3.0 and 2.6.0, the configuration dictionary will be logged as plain text in the triggerer service without masking. This allows anyone with access to the metadata or triggerer log to obtain the configuration file and use it to access the Kubernetes cluster. This behavior was changed in version 7.0.0, which stopped serializing the file contents and started providing the file path instead to read the contents into the trigger. Users are recommended to upgrade to version 7.0.0, which fixes this issue. Desde la versión 5.2.0, cuando se utiliza el modo diferible con la ruta de un archivo de configuración de Kubernetes para la autenticación, el trabajador de Airflow serializa este archivo de configuración como un diccionario y lo envía al activador almacenándolo en metadatos sin ningún cifrado. • http://www.openwall.com/lists/oss-security/2024/01/24/3 https://github.com/apache/airflow/pull/29498 https://github.com/apache/airflow/pull/30110 https://github.com/apache/airflow/pull/36492 https://lists.apache.org/thread/89x3q6lz5pykrkr1fkr04k4rfn9pvnv9 • CWE-312: Cleartext Storage of Sensitive Information CWE-532: Insertion of Sensitive Information into Log File •