Back to search
CVE-2022-38170
Published: Sep 2, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache Airflow | affected Apache Airflow - <= 2.3.3 |
References
https://lists.apache.org/thread/zn8mbbb1j2od5nc9zhrvb7rpsrg1vvzv
x_refsource_MISC
[oss-security] 20220902 CVE-2022-38170: Apache Airflow: Overly permissive umask for deamons
mailing-list
x_refsource_MLIST
[oss-security] 20220902 Re: CVE-2022-38170: Apache Airflow: Overly permissive umask for deamons
mailing-list
x_refsource_MLIST
[oss-security] 20220920 Re: CVE-2022-38170: Apache Airflow: Overly permissive umask for deamons
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now