Vulnerability Description
Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Apache-Airflow-Providers-Docker | < 3.0.0 |
References
- http://www.openwall.com/lists/oss-security/2022/08/16/1 (Third Party Advisory)
- https://lists.apache.org/thread/614p38nf4gbk8xhvnskj9b1sqo2dknkb (Mailing List, Vendor Advisory)
FAQ
What is CVE-2022-38362?
CVE-2022-38362 is a vulnerability with a CVSS score of 8.8 (HIGH). Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host.
How severe is CVE-2022-38362?
CVE-2022-38362 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-38362?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Apache-Airflow-Providers-Docker.