Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2018-20244

Good to know:

icon
icon

Date: January 22, 2019

In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.

Language: Python

Severity Score

Related Resources (5)

https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231%40%3Cdev.airflow.apache.org%3E
http://www.openwall.com/lists/oss-security/2019/04/10/6
https://lists.apache.org/thread.html/f656fddf9c49293b3ec450437c46709eb01a12d1645136b2f1b8573b%40%3Cdev.airflow.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2018-20244
https://www.mend.io/vulnerability-database/CVE-2018-20244

Severity Score

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

icon

Upgrade Version

Upgrade to version 1.10.3

Learn More

CVSS v3

Base Score:
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL

CVSS v2

Base Score:
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us