ghsa-976r-qfjj-c24w
Vulnerability from github
Published
2020-07-27 16:57
Modified
2024-09-11 21:13
Severity
9.8 (Critical) - CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 (Critical) - CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
9.3 (Critical) - CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Command injection via Celery broker in Apache Airflow
Details
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.
{ "affected": [ { "package": { "ecosystem": "PyPI", "name": "apache-airflow" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1.10.11rc1" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2020-11981" ], "database_specific": { "cwe_ids": [ "CWE-78" ], "github_reviewed": true, "github_reviewed_at": "2020-07-27T16:55:01Z", "nvd_published_at": null, "severity": "CRITICAL" }, "details": "An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.", "id": "GHSA-976r-qfjj-c24w", "modified": "2024-09-11T21:13:37Z", "published": "2020-07-27T16:57:33Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11981" }, { "type": "WEB", "url": "https://github.com/apache/airflow/commit/1dda6fdde7c6bcaf0d6534786beeeba868006dd2" }, { "type": "WEB", "url": "https://github.com/apache/airflow/commit/afa4b11fddfdbadb048f742cf66d5c21c675a5c8" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-976r-qfjj-c24w" }, { "type": "PACKAGE", "url": "https://github.com/apache/airflow" }, { "type": "WEB", "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-15.yaml" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E" }, { "type": "WEB", "url": "https://web.archive.org/web/20220427031325/https://issues.apache.org/jira/browse/AIRFLOW-6351" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" }, { "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "type": "CVSS_V4" } ], "summary": "Command injection via Celery broker in Apache Airflow" }
Loading...