PT-2022-24388 · Apache · Apache Airflow+1
Kai Zhao · Published 2022-08-16 · Updated 2022-10-10 · CVE-2022-38362
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Apache Airflow Docker's Provider versions prior to 3.0.0
Description
An example DAG shipped with Apache Airflow Docker's Provider is vulnerable to an authenticated remote code exploit on the Airflow worker host.
Recommendations
For versions prior to 3.0.0, disable loading of example DAGs or upgrade apache-airflow-providers-docker to 3.0.0 or above.
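A way to check a deployment against both conditions in this recommendation, added here as an example and not taken from the advisory or the Airflow project. It assumes a `pip freeze` style package list, Airflow's `[core] load_examples` option (default `True`) and its `AIRFLOW__CORE__LOAD_EXAMPLES` environment override; the function names and sample inputs are constructed for illustration.

```python
import configparser
import re

FIXED = (3, 0, 0)  # first fixed provider release, per the advisory
PKG = "apache-airflow-providers-docker"


def provider_version(freeze_text):
    """Return the pinned provider version as an int tuple, or None if absent."""
    for line in freeze_text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9._-]+)\s*==\s*(\d+(?:\.\d+)*)", line)
        # Normalise the name (case, and -/_/. runs) before comparing.
        if m and re.sub(r"[-_.]+", "-", m.group(1)).lower() == PKG:
            parts = tuple(int(p) for p in m.group(2).split("."))
            return parts + (0,) * (3 - len(parts))
    return None


def load_examples_enabled(cfg_text, env):
    """Resolve [core] load_examples; the environment variable wins over the file."""
    raw = env.get("AIRFLOW__CORE__LOAD_EXAMPLES")
    if raw is None:
        cp = configparser.ConfigParser(interpolation=None)
        cp.read_string(cfg_text)
        raw = cp.get("core", "load_examples", fallback="True")  # Airflow default
    return raw.strip().lower() in {"true", "t", "1"}


def exposed(freeze_text, cfg_text, env):
    """True only when a pre-3.0.0 provider is installed AND examples are loaded."""
    ver = provider_version(freeze_text)
    return ver is not None and ver < FIXED and load_examples_enabled(cfg_text, env)


# Constructed sample inputs (not from the advisory).
SAMPLE_FREEZE = "apache-airflow==2.3.3\nApache_Airflow.Providers-Docker==2.7.0\n"
SAMPLE_CFG = "[core]\nexecutor = LocalExecutor\n"

if __name__ == "__main__":
    print("exposed:", exposed(SAMPLE_FREEZE, SAMPLE_CFG, {}))
```

Run it against the worker image's actual package list and `airflow.cfg`, passing `os.environ` as `env`, since the worker host is where the advisory places the impact.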
Fix
Related Identifiers
Affected Products
Apache Airflow
Apache-Airflow-Providers-Docker