CVE-2020-17515
Published: Dec 11, 2020
Modified: Feb 13, 2025
PUBLISHED
Description
The "origin" parameter passed to some of the endpoints, such as '/trigger', was vulnerable to an XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944, but the fix implemented in Airflow 1.10.13 did not fix the issue completely.
| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Apache Airflow | Affected: Apache Airflow < 1.10.13 |
References
- [airflow-users] 20201211 CVE-2020-17515: Apache Airflow Reflected XSS via Origin Parameter (mailing-list)
- [airflow-dev] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515 (mailing-list)
- [airflow-users] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515 (mailing-list)
- [oss-security] 20201211 CVE-2020-17515: Apache Airflow Reflected XSS via Origin Parameter (mailing-list)
- [announce] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515 (mailing-list)
- [airflow-users] 20210501 CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL (mailing-list)
- [oss-security] 20210501 CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL (mailing-list)