CVE-2018-20244


Security Bulletins

Latest Malware Updates

02/27/2019

CVE-2018-20244

In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.

Attack vector: 
Network

Product: 

  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow
  • apache: airflow

References: 
https://lists.apache.org/thread.html/[email protected]%3Cdev.airflow.apache.org%3E

Severity: 
Low

CVSS Score: 
3.5

CVSS Vector: 
(AV:N/AC:M/Au:S/C:N/I:P/A:N)



Security Advisories Database

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL inection vulnerability has been discovered in Piwigo.

02/05/2015

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

An attacker can perform a denial of service attack.

01/30/2015

An attacker can perform a denial of service attack.

01/30/2015

An attacker can perform a denial of service attack.

01/30/2015

An attacker can perform a denial of service attack.

01/29/2015

An attacker can perform a denial of service attack.

01/20/2015



Don't forget to share

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *