Описание
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process.
Уязвимые конфигурации
Конфигурация 1Версия до 1.10.5 (включая)
cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*
EPSS
Процентиль: 73%
0.00745
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 4.8
debian
больше 6 лет назад
A malicious admin user could edit the state of objects in the Airflow ...
CVSS3: 4.8
github
около 6 лет назад
Apache Airflow vulnerable to XSS and local file disclosure
EPSS
Процентиль: 73%
0.00745
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79