
    2 vulnerabilities found for apache-airflow-providers-docker by apache

    CVE-2022-38362 (GCVE-0-2022-38362)

    Vulnerability from nvd – Published: 2022-08-16 14:10 – Updated: 2024-08-03 10:54
    Title
    Docker Provider <3.0 RCE vulnerability in example dag
    Summary
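    The Apache Airflow Docker Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code execution on the Airflow worker host. Workaround given in the record: disable loading of example DAGs, or upgrade apache-airflow-providers-docker to 3.0.0 or above.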
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Airflow Affected: Apache Airflow Docker Provider , < 3.0.0 (custom)
    Credits
    Thanks to Kai Zhao of 3H Security Team for reporting this

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:54:03.738Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread/614p38nf4gbk8xhvnskj9b1sqo2dknkb"
              },
              {
                "name": "[oss-security] 20220816 CVE-2022-38362: Apache Airflow Docker Provider \u003c3.0 RCE vulnerability in example dag",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/08/16/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Airflow",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThan": "3.0.0",
                  "status": "affected",
                  "version": "Apache Airflow Docker Provider",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Thanks to Kai Zhao of 3H Secruity Team for reporting this"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache Airflow Docker\u0027s Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-16T20:06:13.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread/614p38nf4gbk8xhvnskj9b1sqo2dknkb"
            },
            {
              "name": "[oss-security] 20220816 CVE-2022-38362: Apache Airflow Docker Provider \u003c3.0 RCE vulnerability in example dag",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/08/16/1"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Docker Provider \u003c3.0 RCE vulnerability in example dag",
          "workarounds": [
            {
              "lang": "en",
              "value": "Disable loading of example DAGs or upgrade the apache-airflow-providers-docker to 3.0.0 or above"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "ID": "CVE-2022-38362",
              "STATE": "PUBLIC",
              "TITLE": "Docker Provider \u003c3.0 RCE vulnerability in example dag"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Airflow",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "Apache Airflow Docker Provider",
                                "version_value": "3.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Thanks to Kai Zhao of 3H Secruity Team for reporting this"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Apache Airflow Docker\u0027s Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": [
              {}
            ],
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://lists.apache.org/thread/614p38nf4gbk8xhvnskj9b1sqo2dknkb",
                  "refsource": "MISC",
                  "url": "https://lists.apache.org/thread/614p38nf4gbk8xhvnskj9b1sqo2dknkb"
                },
                {
                  "name": "[oss-security] 20220816 CVE-2022-38362: Apache Airflow Docker Provider \u003c3.0 RCE vulnerability in example dag",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2022/08/16/1"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Disable loading of example DAGs or upgrade the apache-airflow-providers-docker to 3.0.0 or above"
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2022-38362",
        "datePublished": "2022-08-16T14:10:09.000Z",
        "dateReserved": "2022-08-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T10:54:03.738Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-38362 (GCVE-0-2022-38362)

    Vulnerability from cvelistv5 – Published: 2022-08-16 14:10 – Updated: 2024-08-03 10:54
    Title
    Docker Provider <3.0 RCE vulnerability in example dag
    Summary
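    The Apache Airflow Docker Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code execution on the Airflow worker host. Workaround given in the record: disable loading of example DAGs, or upgrade apache-airflow-providers-docker to 3.0.0 or above.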
    Severity
    No CVSS data available.
    CWE
    • Remote Code Execution
    Assigner
    References
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Airflow Affected: Apache Airflow Docker Provider , < 3.0.0 (custom)
    Credits
    Thanks to Kai Zhao of 3H Security Team for reporting this

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:54:03.738Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread/614p38nf4gbk8xhvnskj9b1sqo2dknkb"
              },
              {
                "name": "[oss-security] 20220816 CVE-2022-38362: Apache Airflow Docker Provider \u003c3.0 RCE vulnerability in example dag",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/08/16/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Airflow",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThan": "3.0.0",
                  "status": "affected",
                  "version": "Apache Airflow Docker Provider",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Thanks to Kai Zhao of 3H Secruity Team for reporting this"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache Airflow Docker\u0027s Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-08-16T20:06:13.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread/614p38nf4gbk8xhvnskj9b1sqo2dknkb"
            },
            {
              "name": "[oss-security] 20220816 CVE-2022-38362: Apache Airflow Docker Provider \u003c3.0 RCE vulnerability in example dag",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/08/16/1"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Docker Provider \u003c3.0 RCE vulnerability in example dag",
          "workarounds": [
            {
              "lang": "en",
              "value": "Disable loading of example DAGs or upgrade the apache-airflow-providers-docker to 3.0.0 or above"
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "ID": "CVE-2022-38362",
              "STATE": "PUBLIC",
              "TITLE": "Docker Provider \u003c3.0 RCE vulnerability in example dag"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Airflow",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "Apache Airflow Docker Provider",
                                "version_value": "3.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Thanks to Kai Zhao of 3H Secruity Team for reporting this"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Apache Airflow Docker\u0027s Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": [
              {}
            ],
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://lists.apache.org/thread/614p38nf4gbk8xhvnskj9b1sqo2dknkb",
                  "refsource": "MISC",
                  "url": "https://lists.apache.org/thread/614p38nf4gbk8xhvnskj9b1sqo2dknkb"
                },
                {
                  "name": "[oss-security] 20220816 CVE-2022-38362: Apache Airflow Docker Provider \u003c3.0 RCE vulnerability in example dag",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2022/08/16/1"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            },
            "work_around": [
              {
                "lang": "en",
                "value": "Disable loading of example DAGs or upgrade the apache-airflow-providers-docker to 3.0.0 or above"
              }
            ]
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2022-38362",
        "datePublished": "2022-08-16T14:10:09.000Z",
        "dateReserved": "2022-08-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T10:54:03.738Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }