Lucene search
HistoryNov 02, 2022 - 12:15 p.m.
CVE-2022-43982
apache airflow
cve-2022-43982
xss
vulnerability
security
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.2%
In Apache Airflow versions prior to 2.4.2, the “Trigger DAG with config” screen was susceptible to XSS attacks via the origin query argument.
Affected configurations
Node
apacheairflowRange≤2.4.2
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache:airflow | apache airflow | lt | 2.4.2 |
CNA Affected
[
{
"vendor": "Apache Software Foundation",
"product": "Apache Airflow",
"versions": [
{
"version": "unspecified",
"lessThan": "2.4.2",
"status": "affected",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
prion
prion
Design/Logic Flaw
2022-11-02 12:15:00
osv
osv
CVE-2022-43982
2022-11-02 12:15:56
BIT-airflow-2022-43982
2024-03-06 10:56:21
PYSEC-2022-42970
2022-11-02 12:15:00
nvd
nvd
CVE-2022-43982
2022-11-02 12:15:56
cnvd
cnvd
Apache Airflow Cross-Site Scripting Vulnerability (CNVD-2022-74073)
2022-11-04 00:00:00
cvelist
cvelist
github
github
Apache Airflow Cross-site Scripting vulnerability
2022-11-02 19:00:33
veracode
veracode
Cross-Site Scripting (XSS)
2022-11-03 04:42:37
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
40.2%
Related for CVE-2022-43982