CVE-2017-17835Cross-Site Request Forgery in Apache Airflow

CWE-352Cross-Site Request Forgery5 documents4 sources
Severity
8.8HIGHNVD
EPSS
0.4%
top 38.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache AirflowApache Software Foundation Apache Airflow
Timeline
PublishedJan 23
Latest updateJan 25

Description

In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDapache/airflow1.8.2
CVEListV5apache_software_foundation/apache_airflowApache Airflow <= 1.8.2

🔴Vulnerability Details

4
GHSA
Cross-Site Request Forgery (CSRF) in Apache Airflow2019-01-25
OSV
Cross-Site Request Forgery (CSRF) in Apache Airflow2019-01-25
OSV
CVE-2017-17835: In Apache Airflow 12019-01-23
CVEList
CVE-2017-17835: In Apache Airflow 12019-01-23
CVE-2017-17835 — Cross-Site Request Forgery in Apache | cvebase