CVE-2022-38170

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-38170
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-38170.json
Aliases
Published
2022-09-02T07:15:07Z
Modified
2023-12-06T01:02:31.473415Z
Details

In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the --daemon flag, which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver.

References

Affected packages

Git / github.com/apache/airflow

Affected ranges

Type
GIT
Repo
https://github.com/apache/airflow
Events
Introduced
0 (The exact introduced commit is unknown)
Fixed

Affected versions

Other

constraints-2-3

constraints-2.*

constraints-2.0.0rc1
constraints-2.0.0rc2
constraints-2.0.0rc3
constraints-2.0.1rc1
constraints-2.1.0rc1
constraints-2.2.0b1
constraints-2.2.0b2
constraints-2.2.0rc1
constraints-2.3.0b1
constraints-2.3.0rc1
constraints-2.3.0rc2
constraints-2.3.1rc1
constraints-2.3.2rc1
constraints-2.3.2rc2
constraints-2.3.3rc1
constraints-2.3.3rc2
constraints-2.3.3rc3
constraints-2.3.4rc1