Apache Airflow Multiple Security Vulnerabilities
BID:106738
Info
| Bugtraq ID: | 106738 |
| Class: | Input Validation Error |
| CVE: | CVE-2017-15720, CVE-2017-17835, CVE-2017-17836 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 08 2019 12:00AM |
| Updated: | Jan 08 2019 12:00AM |
| Credit: | Unknown |
| Vulnerable: | Apache Airflow 1.8.2, Apache Airflow 1.8, Apache Airflow 1.7, Apache Airflow 1.6, Apache Airflow 1.5, Apache Airflow 1.4, Apache Airflow 1.3 |
| Not Vulnerable: | Apache Airflow 1.9 |
Discussion
Apache Airflow is prone to the following security vulnerabilities:
1. Multiple cross-site request-forgery vulnerabilities
2. A remote code-execution vulnerability
3. An information-disclosure vulnerability
An attacker can exploit these vulnerabilities to obtain sensitive information, to perform unauthorized actions and to execute arbitrary code within the context of the affected application.
Versions prior to Apache Airflow 1.9.0 are vulnerable.
Exploit / POC
Attackers can exploit these issues using a browser or readily available tools.