Lädt...


🕵️ Internet Bug Bounty: CVE-2022-38362: Apache Airflow Docker Provider <3.0 RCE vulnerability in example dag


Nachrichtenbereich: 🕵️ Sicherheitslücken
🔗 Quelle: vulners.com


image
Apache Airflow Docker&#x27;s Provider shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host. Vulnerability summary: In DAG script of airflow 2.3.3, there is a command injection vulnerability (RCE) in the script (example_docker_copy_data.py of docker provider), which can obtain the permission of the operating system. source path: airflow-2.3.3/airflow/providers/docker/example_dags/example_docker_copy_data.py Vulnerability details: (1) Vulnerability principle: 1. It can be seen from the source code of example_docker_copy_data.py script that there is the function of executing bash command, The parameter ‘source_location’ in the template expression {{params.source_location}} is externally controllable and rendered through the jiaja2 template: {F1869746} Further analysis “from airflow.operators.bash import BashOperator” code, we can see bash_command parameter value will be executed as a bash script; {F1869748} (2)Vulnerability exploit: 1. Enter the DAGs menu and start docker_sample_copy_data task, select “Trigger DAG w/ config”. http://192.168.3.17:8080/trigger?dag_id=docker_sample_copy_data {F1869749} To construct payload, we can separate commands with ‘;’, so as to inject any operating system commands to be executed(RCE). {F1869750} PAYLOAD:{&quot;source_location&quot;:&quot;;touch /tmp/thisistest;&quot;}, Then click trigger to execute the task. {F1869755} The final command is as follows: locate_file_cmd = “”” sleep 10 find... ...

🕵️ Internet Bug Bounty: CVE-2023-49920: Apache Airflow: Missing CSRF protection on DAG/trigger


📈 62.62 Punkte
🕵️ Sicherheitslücken

📰 Running Airflow DAG Only If Another DAG Is Successful


📈 61.24 Punkte
🔧 AI Nachrichten

🕵️ Internet Bug Bounty: RCE vulnerability in apache-airflow-providers-apache-sqoop 3.1.0


📈 56.95 Punkte
🕵️ Sicherheitslücken

⚠️ [webapps] Apache Airflow 1.10.10 - 'Example Dag' Remote Code Execution


📈 56.34 Punkte
⚠️ PoC

⚠️ #0daytoday #Apache Airflow 1.10.10 - (Example Dag) Remote Code Execution Exploit [#0day #Exploit]


📈 56.34 Punkte
⚠️ PoC

🕵️ Internet Bug Bounty: Apache Airflow Google Cloud Sql Provider Remote Command Execution


📈 47.62 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2023-22884 | Apache Airflow/Airflow MySQL Provider command injection


📈 46.51 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2023-42663 | Apache Airflow up to 2.7.1 DAG information disclosure


📈 45.32 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2023-42792 | Apache Airflow up to 2.7.1 DAG access control


📈 45.32 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2023-42780 | Apache Airflow up to 2.7.1 DAG information disclosure


📈 45.32 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2023-42781 | Apache Airflow up to 2.7.2 DAG information disclosure


📈 45.32 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2023-47037 | Apache Airflow up to 2.7.2 DAG Run Detail authorization


📈 45.32 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2024-45034 | Apache Airflow up to 2.10.0 DAG Folder unnecessary privileges


📈 45.32 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2024-45498 | Apache Airflow 2.10.0 DAG Trigger Permission command injection


📈 45.32 Punkte
🕵️ Sicherheitslücken

🕵️ Internet Bug Bounty: CVE-2023-40273: Session fixation in Apache Airflow web interface


📈 39.64 Punkte
🕵️ Sicherheitslücken

🕵️ Internet Bug Bounty: Apache Airflow: Bypass permission verification to read code of other dags


📈 38.75 Punkte
🕵️ Sicherheitslücken

🕵️ Apache Airflow 2.0.0 Configurations Endpoint airflow.cfg access control


📈 36.74 Punkte
🕵️ Sicherheitslücken

🕵️ Internet Bug Bounty: CVE-2023-47037: Airflow Broken Access Control Vulnerability


📈 36.47 Punkte
🕵️ Sicherheitslücken

🔧 Scheduling a BigQuery SQL script, using Apache Airflow, with an example


📈 33.36 Punkte
🔧 Programmierung

🕵️ Internet Bug Bounty: Airflow Daemon Mode Insecure Umask Privilege Escalation


📈 32.59 Punkte
🕵️ Sicherheitslücken

🕵️ Internet Bug Bounty: Leak of sensitive values to Airflow rendered template


📈 32.59 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2023-25692 | Apache Airflow Google Cloud SQL Provider denial of service


📈 31.22 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2023-25691 | Apache Airflow Google Cloud SQL Provider input validation


📈 31.22 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2023-25956 | Apache Airflow AWS Provider information exposure


📈 31.22 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2023-25696 | Apache Airflow Hive Provider input validation


📈 31.22 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2023-25693 | Apache Airflow Sqoop Provider input validation


📈 31.22 Punkte
🕵️ Sicherheitslücken

🕵️ CVE-2023-28710 | Apache Airflow Spark Provider up to 4.0.0 input validation


📈 31.22 Punkte
🕵️ Sicherheitslücken

matomo