CVE-2022-38362

EPSS 0.65%
Published 16.08.2022 14:15:08
Last modified 21.11.2024 07:16:19
Source security@apache.org
Teams watchlist Login
Open Login

Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host.

Affected products Warnungen 0 Metrics 2 CWE 0 References 5

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Apache-airflow-providers-docker Version < 3.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.65%	0.7

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

http://www.openwall.com/lists/oss-security/2022/08/16/1

Third Party Advisory

https://lists.apache.org/thread/614p38nf4gbk8xhvnskj9b1sqo2dknkb

Vendor Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2022-38362

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-38362

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-38362

EUVD