CVE-2022-40127

Description from NVD

A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0.

Information Acquisition Date: 2022-11-23T14:58Z
CVSS 2.0: 0.0 None
CVSS 3.x: 8.8 HIGH

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

NVD References

 https://github.com/apache/airflow/pull/25960
     source: MISC
     tags: Patch, Third Party Advisory
 https://lists.apache.org/thread/cf132hgm6jvzvsbpsozl3plf1r4cwysy
     source: MISC
     tags: Mailing List, Third Party Advisory
 [oss-security] 20221113 CVE-2022-40127: RCE in Apache Airflow <2.4.0 bash example
     source: MLIST
     tags: Mailing List, Third Party Advisory

This vulnerability may involve a PoC.

Software Tag: Apache (34 tweets), Chrome (1 tweet)



List of frequently cited URLs

URL                                                         Num of Times Referred to
http://twinybots.ch                                         26
https://github.com/Mr-xn/CVE-2022-40127                     11
https://twitter.com/sirifu4k1/status/1593589805496967169    5

GitHub Search Results: Up to 10
Name                    URL
Mr-xn/CVE-2022-40127    https://github.com/Mr-xn/CVE-2022-40127

2022/11/29 Score : 0
Added Har-sia Database : 2022/11/14
Last Modified : 2022/11/29
Highest Scored Date : 2022/11/19
Highest Score : 15