CVE-2020-11983

Опубликовано: 17 июл. 2020

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks.

Ссылки

https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E
Mailing List
Vendor Advisory
https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E
Mailing List
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*

Версия до 1.10.10 (включая)

EPSS

Процентиль: 61%

0.00411

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2020-11983

CVSS3: 5.4

debian

больше 5 лет назад

An issue was found in Apache Airflow versions 1.10.10 and below. It wa ...

GHSA-q4p3-qw5c-mhpc

CVSS3: 5.4

github

больше 5 лет назад

Multiple stored XSS in RBAC Admin screens in Apache Airflow

EPSS

Процентиль: 61%

0.00411

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79