Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-11981: OS Command Injection in Apache Airflow

Severity: 9.8 CRITICAL (NVD)
EPSS: 91.6% (top 0.32%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Jul 17
Latest update: Jul 27

Description

An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: apache_software_foundation/apache_airflow, 1.10.10 and below
NVD: apache/airflow, 1.10.10

🔴 Vulnerability Details (4)

GHSA: Command injection via Celery broker in Apache Airflow (2020-07-27)
OSV: Command injection via Celery broker in Apache Airflow (2020-07-27)
OSV: CVE-2020-11981: An issue was found in Apache Airflow versions 1 (2020-07-17)
CVEList: CVE-2020-11981: An issue was found in Apache Airflow versions 1 (2020-07-16)

💥 Exploits & PoCs (1)

Nuclei: Apache Airflow <=1.10.10 - Command Injection