CyberSec.Space Logo
Back to CVE Browser

CVE-2020-11981

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0680%
EPSS Percentile27.29th
PublishedJul 17, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.

Affected Platforms (CPE)

📦
Apache

Airflow

<= 1.10.10

References & Advisories

🔗 https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E
🔗 https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E

Related Vulnerabilities

CVE-2020-139279.8

The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses s...

CVE-2021-385409.8

The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This allowed unauthenticated users to...

CVE-2020-119829.8

An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker...

CVE-2017-178369.8

In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to data...

CVE-2020-11981 Detail & Impact Analysis | CVSS 9.8 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space