PT-2022-12314 · Apache · Apache Airflow
Ali Al-Habsi +1 · Published 2022-02-25 · Updated 2024-03-06 · CVE-2021-45229
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Apache Airflow versions 2.2.3 and below
Description
The "Trigger DAG with config" screen in Apache Airflow is susceptible to XSS attacks via the origin query argument.
Recommendations
For Apache Airflow versions 2.2.3 and below, consider disabling the "Trigger DAG with config" screen until a patch is available to prevent XSS attacks via the origin query argument.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Apache Airflow