Published: 27 Jul 2020
Source: github
GitHub: Reviewed
CVSS4: 5.1
CVSS3: 5.4
Description
Multiple stored XSS in RBAC Admin screens in Apache Airflow
An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks.
References
- https://nvd.nist.gov/vuln/detail/CVE-2020-11983
- https://github.com/advisories/GHSA-q4p3-qw5c-mhpc
- https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-17.yaml
- https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E
Packages
Name: apache-airflow (pip)
Affected versions: < 1.10.11
Fixed version: 1.10.11
Related vulnerabilities
CVSS3: 5.4
nvd
more than 5 years ago
An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks.
CVSS3: 5.4
debian
more than 5 years ago
An issue was found in Apache Airflow versions 1.10.10 and below. It wa ...