CVE-2022-38362

Опубликовано: 16 авг. 2022

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host.

Ссылки

http://www.openwall.com/lists/oss-security/2022/08/16/1
Third Party Advisory
https://lists.apache.org/thread/614p38nf4gbk8xhvnskj9b1sqo2dknkb
Mailing List
Vendor Advisory
http://www.openwall.com/lists/oss-security/2022/08/16/1
Third Party Advisory
https://lists.apache.org/thread/614p38nf4gbk8xhvnskj9b1sqo2dknkb
Mailing List
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:apache-airflow-providers-docker:*:*:*:*:*:*:*:*

Версия до 3.0.0 (исключая)

EPSS

Процентиль: 75%

0.00867

Низкий

8.8 High

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2022-38362

CVSS3: 8.8

debian

больше 3 лет назад

Apache Airflow Docker's Provider prior to 3.0.0 shipped with an exampl ...

GHSA-746v-hfh2-xphm

CVSS3: 8.8

github

больше 3 лет назад

Remote code execution in Apache Airflow Docker's Provider

EPSS

Процентиль: 75%

0.00867

Низкий

8.8 High

CVSS3

Дефекты

NVD-CWE-noinfo