CVE-2019-12398

Опубликовано: 14 янв. 2020

Источник: nvd

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected.

Ссылки

http://www.openwall.com/lists/oss-security/2020/01/14/2
Mailing List
Third Party Advisory
https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b%40%3Cdev.airflow.apache.org%3E
https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b%40%3Cusers.airflow.apache.org%3E
Mailing List
Vendor Advisory
http://www.openwall.com/lists/oss-security/2020/01/14/2
Mailing List
Third Party Advisory
https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b%40%3Cdev.airflow.apache.org%3E
https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b%40%3Cusers.airflow.apache.org%3E
Mailing List
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*

Версия до 1.10.5 (исключая)

EPSS

Процентиль: 71%

0.0067

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2019-12398

CVSS3: 4.8

debian

около 6 лет назад

In Apache Airflow before 1.10.5 when running with the "classic" UI, a ...

GHSA-rjvg-q57v-mjjc

CVSS3: 4.8

github

почти 6 лет назад

XSS in Apache Airflow

EPSS

Процентиль: 71%

0.0067

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79