CVE-2024-29735

CWE-281 | 4 documents | 4 sources
Severity: 5.3 MEDIUM
EPSS: 0.3% (top 47.57%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 26

Description

Improper Preservation of Permissions vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.8.2 through 2.8.3. Airflow's local file task handler incorrectly set permissions for all parent folders of the log folder, in the default configuration adding write access for the Unix group of the folders. When Airflow is run as the root user (not recommended), it added group write permission to all folders up to the root of the filesystem. If your log files are stored in the ho

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 1.6 | Impact: 3.6

Affected Packages (3 packages)

PyPI  apache-airflow  2.8.2  2.8.4
NVD  apache/airflow  2.8.2  2.8.4

Patches

Vulnerability Details (3)

GHSA: Apache Airflow Improper Preservation of Permissions vulnerability (2024-03-26)
CVEList: Apache Airflow: Potentially harmful permission changing by log task handler (2024-03-26)
OSV: Apache Airflow Improper Preservation of Permissions vulnerability (2024-03-26)
CVE-2024-29735 (MEDIUM CVSS 5.3) | Improper Preservation of Permission | cvebase.io