PT-2023-22222 · Apache · Apache Airflow

Kuteminh11

+1

·

Publicado

2023-05-08

·

Atualizado

2024-03-06

·

CVE-2023-29247

CVSS v3.1

5.4

Média

VetorAV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 2.6.0
Description The task instance details page in the UI is vulnerable to a stored cross-site scripting (XSS) issue. This allows for malicious scripts to be stored and executed on the page.
Recommendations For versions prior to 2.6.0, update to version 2.6.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the task instance details page in the UI until a patch is applied.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

BIT-AIRFLOW-2023-29247
CVE-2023-29247
GHSA-VCF6-3WV2-5VCR
PYSEC-2023-60

Produtos afetados

Apache Airflow