PT-2022-24256 · Apache · Apache Airflow

Harry Sintonen · Published 2022-09-02 · Updated 2026-02-20 · CVE-2022-38170

CVSS v4.0: 5.7 (Medium)
Vector: AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.3.4

Description: The issue is related to an insecure umask configuration in Apache Airflow when running with the --daemon flag. This could lead to a race condition, resulting in world-writable files in the Airflow home directory. Local users could exploit this to expose arbitrary file contents via the webserver.

Recommendations: For versions prior to 2.3.4, update to version 2.3.4 or later to resolve the issue. As a temporary workaround, consider running Airflow without the --daemon flag until the update is applied. Restrict access to the Airflow home directory to minimize the risk of exploitation.
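A defender-side check for the condition described above: scan an Airflow home directory for world-writable entries, and show how the umask in force at creation time decides whether a file ends up world-writable. This is an added example, not code from the Airflow project or the advisory; it uses a constructed temporary directory in place of the real Airflow home and constructed sample filenames.

```python
"""Detect world-writable files in an Airflow home directory (added example)."""
import os
import stat
import tempfile


def find_world_writable(root):
    """Return paths under ``root`` whose mode grants write access to 'other'."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits are not meaningful
            if mode & stat.S_IWOTH:
                findings.append(path)
    return sorted(findings)


def create_with_umask(path, mask):
    """Create ``path`` while ``mask`` is the process umask; return its permission bits."""
    old = os.umask(mask)
    try:
        with open(path, "w") as fh:
            fh.write("constructed sample content\n")
    finally:
        os.umask(old)  # always restore the caller's umask
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Compare a file created under umask 0 with one created under umask 022."""
    results = {}
    with tempfile.TemporaryDirectory() as home:  # constructed stand-in for the Airflow home
        # umask 000 yields 0o666 (world-writable); umask 022 yields 0o644
        results["loose_mode"] = create_with_umask(os.path.join(home, "airflow-webserver.pid"), 0o000)
        results["tight_mode"] = create_with_umask(os.path.join(home, "airflow.cfg"), 0o022)
        results["world_writable"] = [os.path.basename(p) for p in find_world_writable(home)]
    return results


if __name__ == "__main__":
    print(demo())
```

Running the scanner against the real Airflow home (with the process's own umask confirmed as 022 or stricter) is the check to pair with the workaround above.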

Fix

Weakness Enumeration: Race Condition, Incorrect Permission

Related Identifiers

BIT-AIRFLOW-2022-38170
CVE-2022-38170
GHSA-Q8H9-PQCX-59HW
PYSEC-2022-261

Affected Products

Apache Airflow