Package | Installed | Affected | Info |
---|---|---|---|
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | >=1.8,<39.0.1 |
show Cryptography 39.0.1 includes a fix for CVE-2023-23931: In affected versions 'Cipher.update_into' would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as 'bytes') to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This issue has been present since 'update_into' was originally introduced in cryptography 1.8. |
cryptography | 2.2.2 | <3.3.2 |
show Cryptography 3.3.2 includes a fix for CVE-2020-36242: certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. |
cryptography | 2.2.2 | <42.0.8 |
show The `cryptography` library has updated its BoringSSL and OpenSSL dependencies in CI due to a security concern. Specifically, the issue involves the functions `EVP_PKEY_param_check()` and `EVP_PKEY_public_check()`, which are used to check DSA public keys or parameters. These functions can experience significant delays when processing excessively long DSA keys or parameters, potentially leading to a Denial of Service (DoS) if the input is from an untrusted source. The vulnerability arises because the key and parameter check functions do not limit the modulus size during checks, despite OpenSSL not allowing public keys with a modulus over 10,000 bits for signature verification. This issue affects applications that directly call these functions and the OpenSSL `pkey` and `pkeyparam` command-line applications with the `-check` option. The OpenSSL SSL/TLS implementation is not impacted, but the OpenSSL 3.0 and 3.1 FIPS providers are affected by this vulnerability. |
cryptography | 2.2.2 | <42.0.0 |
show Cryptography starting from version 42.0.0 updates its CI configurations to use newer versions of BoringSSL or OpenSSL as a countermeasure to CVE-2023-5678. This vulnerability, affecting the package, could cause Denial of Service through specific DH key generation and verification functions when given overly long parameters. |
cryptography | 2.2.2 | >=0.8,<41.0.3 |
show Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for a Denial of Service vulnerability. https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2 https://www.openssl.org/news/secadv/20230719.txt |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <3.3 |
show Cryptography 3.3 no longer allows loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing. https://github.com/pyca/cryptography/pull/5592 |
cryptography | 2.2.2 | >=0.8,<41.0.3 |
show Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for a Denial of Service vulnerability. https://github.com/pyca/cryptography/commit/b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d https://www.openssl.org/news/secadv/20230731.txt |
cryptography | 2.2.2 | <42.0.5 |
show Cryptography version 42.0.5 introduces a limit on the number of name constraint checks during X.509 path validation to prevent denial of service attacks. https://github.com/pyca/cryptography/commit/4be53bf20cc90cbac01f5f94c5d1aecc5289ba1f |
cryptography | 2.2.2 | <42.0.0 |
show Affected versions of Cryptography may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <41.0.2 |
show The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options. |
cryptography | 2.2.2 | >=1.9.0,<2.3 |
show A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. See: CVE-2018-10903. |
cryptography | 2.2.2 | <42.0.2 |
show The cryptography library has updated its OpenSSL dependency in CI due to security concerns. This vulnerability arises when processing maliciously formatted PKCS12 files, which can cause OpenSSL to crash, leading to a potential Denial of Service (DoS) attack. PKCS12 files, often containing certificates and keys, may come from untrusted sources. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly handle these cases, resulting in a NULL pointer dereference and subsequent crash. Applications using OpenSSL APIs, such as PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes(), and PKCS12_newpass(), are vulnerable if they process PKCS12 files from untrusted sources. Although a similar issue in SMIME_write_PKCS7() was fixed, it is not considered significant for security as it pertains to data writing. This issue does not affect the FIPS modules in versions 3.2, 3.1, and 3.0. |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | >=0.8,<41.0.3 |
show Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for CVE-2023-2975: AES-SIV implementation ignores empty associated data entries. https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2 https://www.openssl.org/news/secadv/20230714.txt |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 includes a fix for CVE-2022-3996, a DoS vulnerability affecting openssl. https://github.com/pyca/cryptography/issues/7940 |
cryptography | 2.2.2 | <41.0.5 |
show Cryptography 41.0.5 updates Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.4, that includes a security fix. |
cryptography | 2.2.2 | <=3.2 |
show Cryptography 3.2 and prior are vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <41.0.0 |
show Cryptography 41.0.0 updates its dependency 'OpenSSL' to v3.1.1 to include a security fix. https://github.com/pyca/cryptography/commit/8708245ccdeaff21d65eea68a4f8d2a7c5949a22 |
cryptography | 2.2.2 | <41.0.4 |
show Cryptography 41.0.4 updates Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.3, that includes a security fix. https://github.com/pyca/cryptography/commit/fc11bce6930e591ce26a2317b31b9ce2b3e25512 |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as it is recommended by Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions are affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiates arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions are affected by a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if traceback is shown to unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected version of Apache-airflow are vulnerable to Privilege Context Switching Error. File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Airflow versions affected versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 which concerned API, not UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables default allowing the testing of connections in UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 | Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context as well as bypassing the limitations on the access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 | Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 | In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 | Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 | Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 | Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 | Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 | A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 | Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 | In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow Metadata Database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 | A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 | A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 | Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 | Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 | In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 | In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 | Apache-airflow 1.10.0 fixes an XSS vulnerability in the Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 | The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 | Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 | Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15, >=2.0.0a1,<2.0.2 | Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and affects 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 | Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please review whether you have copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 | A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 | Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 | Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow affected versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 | Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 | Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 | Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return a "Cache-Control" header for dynamic content, which in the case of some browsers could result in potentially storing sensitive data in the local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 | In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 | The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 | Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 | In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 | It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 | In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 | The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 | Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 | Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 | Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 | Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 | Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 | Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 | Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 | Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default; they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 | Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 | Affected versions of Airflow have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 | In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 | In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables by default the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context and bypassing the limitations on which DAGs the user may access. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as it is recommended by Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944, but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Airflow versions affected versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 which concerned API, not UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-Admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables connection testing in the UI, API and CLI by default, for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by an improper certificate validation vulnerability. The default SSL context did not check the server's X.509 certificate; any certificate was accepted, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow 2.7.0 or newer, Apache Airflow IMAP Provider 3.3.0 or newer, and Apache Airflow SMTP Provider 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows code to be executed in the webserver context and also lets the user bypass the limits on which DAGs they may access. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed on Airflow 2.3.0+). Note that an Airflow 2.3.0+ installation that ships with an older Spark Provider still needs Spark Provider 4.0.0 installed manually to get rid of the vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the password of the user has been reset by the admin, up until the expiry of the user's session. Other than manually cleaning the session database (for the database session backend), or changing the secret_key and restarting the webserver, there were no mechanisms to force-logout the user (and, with that, all other users). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secret key and restarting the webserver (which logs out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated to explain this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user with the airflow CLI, the password was logged in plain text in the Log table of the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed on Airflow 2.3.0+). Note that an Airflow 2.3.0+ installation that ships with an older Hive Provider still needs Hive Provider 4.1.0 installed manually to get rid of the vulnerability. |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as it is recommended by Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions are affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
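The two XCom advisories above (the `enable_xcom_pickling` bypass and the `deserialize` flag on the `xcomEntries` API) share one root cause: `pickle.loads` resolves and calls whatever global the payload names. The following is an added example, not Airflow's own XCom code, that builds a constructed pickle payload with a harmless marker callable, shows the stock loader running it, and shows a restricted unpickler that refuses every global lookup while still loading ordinary task results (`Beacon`, `MALICIOUS_XCOM` and the loader names are this example's own).

```python
import builtins
import io
import pickle


class Beacon:
    """Stand-in for attacker-controlled XCom content. Unpickling it calls whatever
    __reduce__ names; a real payload would name os.system or subprocess.Popen.
    len() is a harmless marker that still proves code ran during deserialization."""

    def __reduce__(self):
        return (builtins.len, ("pwned",))


# Constructed payload: what a DAG author could push as an XCom value when pickling is allowed.
MALICIOUS_XCOM = pickle.dumps(Beacon())


def unsafe_loads(data):
    """Equivalent of enable_xcom_pickling = True (or deserialize=true on the API):
    the stock loader resolves any global named in the stream and calls it."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse every global lookup. With protocol 4 or later, scalars, str/bytes,
    lists, tuples, dicts and sets are rebuilt by dedicated opcodes and never reach
    find_class, so ordinary task results still load; anything that names a class
    or function is rejected before it can run."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"refusing to resolve global {module}.{name}")


def safe_loads(data):
    """Load a pickle stream without ever resolving a global."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


if __name__ == "__main__":
    print("stock loader returned:", unsafe_loads(MALICIOUS_XCOM))   # len("pwned") ran
    try:
        safe_loads(MALICIOUS_XCOM)
    except pickle.UnpicklingError as exc:
        print("restricted loader refused:", exc)
    print(safe_loads(pickle.dumps({"rows": [1, 2, 3], "ok": True})))
```

Refusing globals stops code execution, not resource exhaustion: a hostile stream can still allocate large containers, so keep a size limit in front of the loader. Leaving pickling off and letting Airflow serialize XComs as JSON remains the simpler fix; the restricted loader is for code that has to read legacy pickled values.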
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions are affected by a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: the "origin" parameter passed to some endpoints such as '/trigger' was vulnerable to XSS. This issue affects Apache Airflow versions before 1.10.15 in the 1.x series, and 2.0.0 and 2.0.1 in the 2.x series. It is the same issue as CVE-2020-13944 and CVE-2020-17515, but the earlier fixes did not resolve it completely. Update to Airflow 1.10.15 or 2.0.2. Also update Python to the latest PATCH release of your installed MINOR version (for example Python 3.6.13 if you are on Python 3.6); those releases contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336. |
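The Affected column of this table uses pip-style version specifiers, and the row above is the awkward case: two ranges joined with ' , ' and pre-release tags (1.0.0a1, 2.0.0a1) alongside the rc and b tags used elsewhere (<1.10.11rc1, <2.8.2rc1). The following is an added example, not the scanner's own code, that evaluates such cells against an installed version. It implements only the PEP 440 subset that appears in this table (dotted release numbers with an optional aN/bN/rcN suffix) and treats trailing zeros as insignificant; in production use `packaging.specifiers.SpecifierSet` instead. The sample rows are copied from the table, and `parse_row`, `is_affected` and `affected_rows` are this example's own names.

```python
import re

# PEP 440 pre-release ordering: aN < bN < rcN < final release.
_PRE_RANK = {"a": 0, "b": 1, "rc": 2}
_FINAL_RANK = 3
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:(a|b|rc)(\d+))?$")
_CLAUSE_RE = re.compile(r"^(<=|>=|==|!=|<|>)\s*(.+)$")
_OPS = {
    "<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b, ">=": lambda a, b: a >= b,
    "==": lambda a, b: a == b, "!=": lambda a, b: a != b,
}


def parse_version(text):
    """Return a sort key ((release...), (pre_rank, pre_num)) for '2.8.2rc1'-style strings.
    Trailing zeros are dropped so 2.9 == 2.9.0, as PEP 440 requires."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported version string: {text!r}")
    release = [int(p) for p in m.group(1).split(".")]
    while len(release) > 1 and release[-1] == 0:
        release.pop()
    if m.group(2) is None:
        pre = (_FINAL_RANK, 0)
    else:
        pre = (_PRE_RANK[m.group(2)], int(m.group(3)))
    return (tuple(release), pre)


def matches_specifier_set(installed, spec):
    """True if 'installed' satisfies every comma-separated clause of 'spec'."""
    inst = parse_version(installed)
    for clause in spec.split(","):
        clause = clause.strip()
        if not clause:
            continue
        m = _CLAUSE_RE.match(clause)
        if not m:
            raise ValueError(f"unsupported specifier clause: {clause!r}")
        op, ver = m.groups()
        if not _OPS[op](inst, parse_version(ver)):
            return False
    return True


def is_affected(installed, affected):
    """Evaluate one Affected cell. Groups separated by ' , ' (space, comma, space) are
    alternatives, e.g. '>=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2'; the version is
    affected if it falls inside any one of them."""
    groups = [g.strip() for g in re.split(r"\s,\s", affected) if g.strip()]
    return any(matches_specifier_set(installed, g) for g in groups)


def parse_row(line):
    """Split a 'package | installed | affected |' row into its three cells."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) < 3:
        raise ValueError(f"not a package row: {line!r}")
    return cells[0], cells[1], cells[2]


def affected_rows(rows):
    """Return (package, installed, affected) for every row whose installed version hits the range."""
    hits = []
    for line in rows:
        pkg, installed, spec = parse_row(line)
        if is_affected(installed, spec):
            hits.append((pkg, installed, spec))
    return hits


# Constructed sample: rows copied from this table, plus two hypothetical upgraded installs.
SAMPLE_ROWS = [
    "apache-airflow | 1.9.0 | <2.8.2rc1 |",
    "apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |",
    "apache-airflow | 2.0.2 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |",
    "apache-airflow | 2.8.2 | <2.8.2rc1 |",
]

if __name__ == "__main__":
    for hit in affected_rows(SAMPLE_ROWS):
        print("AFFECTED:", hit)
```

Two details matter when reading these ranges by eye: a final release sorts after its own rc, so 2.8.2 is outside `<2.8.2rc1` while 2.8.2b1 is inside it, and `>=0` is satisfied by every version, so `>=0,<X` is just `<X`.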
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
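The advisory above (and the earlier `--daemon` umask one) comes down to directory modes on the path to the log folder. The following is an added example, not part of Airflow, that builds a constructed home/logs tree with the pre-2.8.4 behaviour of applying `file_task_handler_new_folder_permissions` to every parent folder, then audits the chain for group- or world-writable directories. Airflow's default for that option is 0o775, which is the value that trips sshd's StrictModes on a home directory; `build_sample_tree` and `audit_parent_dirs` are this example's own names.

```python
import os
import stat
import tempfile
from pathlib import Path


def writable_by_others(mode):
    """True if the group or world write bit is set (the bits 0o755 clears and 0o775 keeps)."""
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


def audit_parent_dirs(log_dir, stop_at):
    """Walk from log_dir up to and including stop_at and return [(path, mode)] for every
    directory that is group- or world-writable. A home directory listed here is one
    sshd will refuse to read authorized_keys from under StrictModes."""
    log_dir = Path(log_dir).resolve()
    stop_at = Path(stop_at).resolve()
    findings = []
    for d in [log_dir, *log_dir.parents]:
        mode = stat.S_IMODE(os.lstat(d).st_mode)
        if writable_by_others(mode):
            findings.append((str(d), oct(mode)))
        if d == stop_at:
            break
    return findings


def build_sample_tree(new_folder_permissions):
    """Constructed layout: <tmp>/home/airflow/logs/example_dag/run_1, with the pre-2.8.4
    handler behaviour of applying new_folder_permissions to the log directory and every
    parent up to the home directory. Modes are set with an explicit chmod so the process
    umask cannot hide the effect. Returns (home, log_dir)."""
    root = Path(tempfile.mkdtemp(prefix="airflow-logperm-"))
    home = root / "home" / "airflow"
    log_dir = home / "logs" / "example_dag" / "run_1"
    log_dir.mkdir(parents=True)
    os.chmod(home, 0o700)            # how a home directory normally starts out
    for d in [log_dir, *log_dir.parents]:
        os.chmod(d, new_folder_permissions)   # the buggy "fix up all parents" step
        if d == home:
            break
    return home, log_dir


if __name__ == "__main__":
    for perms in (0o775, 0o755):
        home, log_dir = build_sample_tree(perms)
        print(oct(perms), "->", audit_parent_dirs(log_dir, home) or "clean")
```

Run the audit with the real `[logging] base_log_folder` and the home directory of the Airflow user on any non-containerized host that ran a version before 2.8.4; findings on the home directory itself explain the "SSH stopped working" symptom the advisory mentions.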
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
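The LDAP advisory above and the SMTP/IMAP advisory earlier describe the same defect from two directions: a context that never verifies the peer, and a context that verifies until an exception handler quietly turns verification off. The following is an added example, not Airflow's or the providers' code, that builds all three variants with the standard `ssl` module and a checker that tells them apart; the function names are this example's own.

```python
import ssl


def context_verifies_peer(ctx):
    """True only if the context both validates the certificate chain and checks the hostname."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def insecure_context():
    """The pre-fix SMTP/IMAP behaviour: TLS is negotiated, but any certificate is
    accepted, so an attacker in a MITM position sees the mail credentials in clear."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def lenient_context(cafile):
    """The LDAP-backend failure mode: an error while loading the CA bundle is caught and
    'handled' by switching verification off, so a missing or unreadable CA file
    silently downgrades every later connection instead of failing closed."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=cafile)
    except (OSError, ssl.SSLError):
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def strict_context(cafile=None):
    """What the fixed code should do: platform trust store (or the given CA bundle),
    chain validation and hostname check on, and a hard failure if that is not possible."""
    ctx = ssl.create_default_context(cafile=cafile)   # raises OSError if cafile is missing
    if not context_verifies_peer(ctx):
        raise RuntimeError("TLS context does not verify the peer")
    return ctx


if __name__ == "__main__":
    print("insecure verifies peer:", context_verifies_peer(insecure_context()))
    print("lenient (missing CA) verifies peer:",
          context_verifies_peer(lenient_context("/nonexistent/ca.pem")))
    print("strict verifies peer:", context_verifies_peer(strict_context()))
```

Pass the strict context to the client explicitly, `smtplib.SMTP_SSL(host, context=strict_context())` or `imaplib.IMAP4_SSL(host, ssl_context=strict_context())`, and treat any `except Exception` around certificate loading in connection code as a finding.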
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. It is the same as CVE-2020-13944, but the fix implemented in Airflow 1.10.12 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version that masks secrets in task logs (2.10.3 or later), preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error: the File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
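Several advisories in this table are about a configuration value rather than a code bug: `load_examples` (the example-DAG command injections), `expose_config`, `test_connection`, `enable_xcom_pickling`, the 1.10.x default `secret_key`, `file_task_handler_new_folder_permissions`, and, in the row above, the experimental API's auth backend. The following is an added example, not part of Airflow, that reads an airflow.cfg with `configparser` and reports each of those settings when it carries the weak value the corresponding advisory describes. The two config fragments are constructed for the example; the option names are Airflow's (`auth_backend` before 2.3, `auth_backends` from 2.3 on; `test_connection` exists only from 2.7.0), and `lint_airflow_cfg` is this example's own name.

```python
import configparser

# Constructed airflow.cfg fragment carrying the weak value from each advisory above.
WEAK_CFG = """
[core]
load_examples = True
enable_xcom_pickling = True
test_connection = Enabled

[api]
auth_backend = airflow.api.auth.backend.default

[webserver]
secret_key = temporary_key
expose_config = non-sensitive-only

[logging]
file_task_handler_new_folder_permissions = 0o775
"""

# Constructed hardened counterpart.
HARDENED_CFG = """
[core]
load_examples = False
enable_xcom_pickling = False
test_connection = Disabled

[api]
auth_backends = airflow.api.auth.backend.session

[webserver]
# placeholder value for this example only; generate your own, e.g. openssl rand -hex 32
secret_key = 0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0
expose_config = False

[logging]
file_task_handler_new_folder_permissions = 0o755
"""

ALLOW_ALL_BACKEND = "airflow.api.auth.backend.default"   # the pre-1.10.11 default


def lint_airflow_cfg(text):
    """Return [(section.option, message), ...] for every setting that matches a weak
    configuration described in the advisories above. An empty list means clean."""
    cfg = configparser.ConfigParser(interpolation=None)   # Airflow values may contain '%'
    cfg.read_string(text)
    findings = []

    # Airflow loads the example DAGs unless told otherwise; several carried command injection.
    if cfg.getboolean("core", "load_examples", fallback=True):
        findings.append(("core.load_examples", "example DAGs are loaded; set load_examples = False"))

    if cfg.getboolean("core", "enable_xcom_pickling", fallback=False):
        findings.append(("core.enable_xcom_pickling", "pickled XComs let a DAG author instantiate arbitrary objects"))

    if cfg.get("core", "test_connection", fallback="Disabled").strip().lower() != "disabled":
        findings.append(("core.test_connection", "connection testing reachable from UI/API/CLI; set Disabled"))

    raw = cfg.get("api", "auth_backends", fallback=None) or cfg.get("api", "auth_backend", fallback=None)
    backends = [b.strip() for b in (raw or "").split(",") if b.strip()]
    if not backends:
        findings.append(("api.auth_backends", "no API auth backend set; before 1.10.11 that meant unauthenticated /api/experimental/"))
    elif ALLOW_ALL_BACKEND in backends:
        findings.append(("api.auth_backends", "allow-all backend enabled; /api/experimental/ accepts any client"))

    secret = cfg.get("webserver", "secret_key", fallback="").strip()
    if not secret or secret == "temporary_key":   # 1.10.x shipped 'temporary_key' as the default
        findings.append(("webserver.secret_key", "default/empty secret_key: a session from one site is valid on another"))

    expose = cfg.get("webserver", "expose_config", fallback="False").strip().lower()
    if expose != "false":
        findings.append(("webserver.expose_config", f"expose_config = {expose}: configuration visible in the UI"))

    perms_text = cfg.get("logging", "file_task_handler_new_folder_permissions", fallback="0o775").strip()
    if int(perms_text, 8) & 0o022:   # group- or world-writable
        findings.append(("logging.file_task_handler_new_folder_permissions", f"{perms_text} is group/world-writable; use 0o755"))

    return findings


if __name__ == "__main__":
    for key, msg in lint_airflow_cfg(WEAK_CFG):
        print(f"{key}: {msg}")
    print("hardened:", lint_airflow_cfg(HARDENED_CFG) or "clean")
```

The linter reads the file only; Airflow also honours `AIRFLOW__SECTION__OPTION` environment variables, which override the file, so check the running process's environment (or `airflow config get-value section option`) before trusting a clean result.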
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 if Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 | Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 | Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes. This could let them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 | Affected versions of Apache Airflow allow authenticated Ops and Viewer users to view all information in audit logs, including DAG names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default; they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 | Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config, then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 | Affected Airflow versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 | In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 | In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag, which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables, by default, the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context used with the SSL library did not check the server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 | Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context and bypassing the limits on the access the user has to certain DAGs. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 if Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 | Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 | In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 | Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 | Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in the 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 | Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 | Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes. This could let them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 | A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the password of the user has been reset by the admin, up until the expiry of the user's session. Other than manually cleaning the session database (for the database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 | Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 | In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 | A vulnerability in the Example DAGs of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of the "enable_xcom_pickling=False" configuration setting, resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/DAG in the UI to craft a URL which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 if Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 | A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.0.0b1 | Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 | Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 | In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 | In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 if Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 | Apache-airflow 1.10.0 fixes an XSS vulnerability in the Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 | The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 | Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 | Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 | Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and affects 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 | Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please check that you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 | A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example, when they depended on past instances and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 | Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server listening on a specific port, which also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 | Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow affected versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 | Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with the default config allows a malicious airflow user on site A, where they log in normally, to access an unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for the `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 | Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 | Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return a "Cache-Control" header for dynamic content, which in the case of some browsers could result in potentially storing sensitive data in the local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 | In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 | The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 | Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 | In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 | It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | >=0,<2.4.1 | In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to version '^1.10.23' to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 | The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 | Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 | Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 | Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 | Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leads to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Airflow versions affected versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 which concerned API, not UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables default allowing the testing of connections in UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Spark Provider installed). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed). |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |

Package | Installed | Affected | Info |
---|---|---|---|
cryptography | 2.2.2 | <39.0.1 | Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | >=1.8,<39.0.1 | Cryptography 39.0.1 includes a fix for CVE-2023-23931: In affected versions 'Cipher.update_into' would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as 'bytes') to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This issue has been present since 'update_into' was originally introduced in cryptography 1.8. |
cryptography | 2.2.2 | <3.3.2 | Cryptography 3.3.2 includes a fix for CVE-2020-36242: certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. |
cryptography | 2.2.2 | <42.0.8 | The `cryptography` library has updated its BoringSSL and OpenSSL dependencies in CI due to a security concern. Specifically, the issue involves the functions `EVP_PKEY_param_check()` and `EVP_PKEY_public_check()`, which are used to check DSA public keys or parameters. These functions can experience significant delays when processing excessively long DSA keys or parameters, potentially leading to a Denial of Service (DoS) if the input is from an untrusted source. The vulnerability arises because the key and parameter check functions do not limit the modulus size during checks, despite OpenSSL not allowing public keys with a modulus over 10,000 bits for signature verification. This issue affects applications that directly call these functions and the OpenSSL `pkey` and `pkeyparam` command-line applications with the `-check` option. The OpenSSL SSL/TLS implementation is not impacted, but the OpenSSL 3.0 and 3.1 FIPS providers are affected by this vulnerability. |
cryptography | 2.2.2 | <42.0.0 | Cryptography starting from version 42.0.0 updates its CI configurations to use newer versions of BoringSSL or OpenSSL as a countermeasure to CVE-2023-5678. This vulnerability, affecting the package, could cause Denial of Service through specific DH key generation and verification functions when given overly long parameters. |
cryptography | 2.2.2 | >=0.8,<41.0.3 | Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for a Denial of Service vulnerability. https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2 https://www.openssl.org/news/secadv/20230719.txt |
cryptography | 2.2.2 | <3.3 | Cryptography 3.3 no longer allows loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing. https://github.com/pyca/cryptography/pull/5592 |
cryptography | 2.2.2 | >=0.8,<41.0.3 | Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for a Denial of Service vulnerability. https://github.com/pyca/cryptography/commit/b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d https://www.openssl.org/news/secadv/20230731.txt |
cryptography | 2.2.2 | <42.0.5 | Cryptography version 42.0.5 introduces a limit on the number of name constraint checks during X.509 path validation to prevent denial of service attacks. https://github.com/pyca/cryptography/commit/4be53bf20cc90cbac01f5f94c5d1aecc5289ba1f |
cryptography | 2.2.2 | <42.0.0 | Affected versions of Cryptography may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. |
cryptography | 2.2.2 | <41.0.2 | The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options. |
cryptography | 2.2.2 | >=1.9.0,<2.3 | A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag, an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. See: CVE-2018-10903. |
cryptography | 2.2.2 | <42.0.2 | The cryptography library has updated its OpenSSL dependency in CI due to security concerns. This vulnerability arises when processing maliciously formatted PKCS12 files, which can cause OpenSSL to crash, leading to a potential Denial of Service (DoS) attack. PKCS12 files, often containing certificates and keys, may come from untrusted sources. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly handle these cases, resulting in a NULL pointer dereference and subsequent crash. Applications using OpenSSL APIs, such as PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes(), and PKCS12_newpass(), are vulnerable if they process PKCS12 files from untrusted sources. Although a similar issue in SMIME_write_PKCS7() was fixed, it is not considered significant for security as it pertains to data writing. This issue does not affect the FIPS modules in versions 3.2, 3.1, and 3.0. |
cryptography | 2.2.2 | >=0.8,<41.0.3 | Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for CVE-2023-2975: the AES-SIV implementation ignores empty associated data entries. https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2 https://www.openssl.org/news/secadv/20230714.txt |
cryptography | 2.2.2 | <39.0.1 | Cryptography 39.0.1 includes a fix for CVE-2022-3996, a DoS vulnerability affecting OpenSSL. https://github.com/pyca/cryptography/issues/7940 |
cryptography | 2.2.2 | <41.0.5 | Cryptography 41.0.5 updates its Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.4, which includes a security fix. |
cryptography | 2.2.2 | <=3.2 | Cryptography 3.2 and prior are vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. |
cryptography | 2.2.2 | <41.0.0 | Cryptography 41.0.0 updates its dependency 'OpenSSL' to v3.1.1 to include a security fix. https://github.com/pyca/cryptography/commit/8708245ccdeaff21d65eea68a4f8d2a7c5949a22 |
cryptography | 2.2.2 | <41.0.4 | Cryptography 41.0.4 updates its Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.3, which includes a security fix. https://github.com/pyca/cryptography/commit/fc11bce6930e591ce26a2317b31b9ce2b3e25512 |
apache-airflow | 1.9.0 | >=0,<2.5.1 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow and Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.0.0b1 | Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 | Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 | In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 | In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the Apache Airflow Pig Provider allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow version prior to 2.3.0 if the Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Pig Provider version 4.0.0 on top of Airflow 2.3.0+ in order to get rid of the vulnerability. |
apache-airflow | 1.9.0 | <1.10.0 | Apache-airflow 1.10.0 fixes an XSS vulnerability in the Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 | The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 | Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 | Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 | Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to an XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and affects 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515, but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 | Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please review whether you have copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 | A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example, when they depended on past instances and the previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 | Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server that listens on a specific port and also binds to 0.0.0.0 by default. This logging server had no authentication and allowed reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. This also presented a Local File Disclosure vulnerability for any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if traceback is shown to unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected version of Apache-airflow are vulnerable to Privilege Context Switching Error. File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Airflow versions affected versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 which concerned API, not UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables default allowing the testing of connections in UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Spark Provider installed). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed). |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as it is recommended by Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions are affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiates arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if traceback is shown to unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected version of Apache-airflow are vulnerable to Privilege Context Switching Error. File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Airflow versions affected versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 which concerned API, not UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables, by default, the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context of the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 | Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context and bypassing the limitations on the access the user has to certain DAGs. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 | Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 | In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 | Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 | Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in the 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 | Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 | Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes. This could let them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 | A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the password of the user has been reset by the admin, up until the expiry of the session of the user. Other than manually cleaning the session database (for the database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users along with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 | Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 | In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 | A vulnerability in the Example DAGs of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of the "enable_xcom_pickling=False" configuration setting, resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI to craft a URL which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 | A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.0.0b1 | Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 | Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 | In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 | In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions are affected by a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Affected versions of Airflow have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables default allowing the testing of connections in UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context and also bypassing the limits on which DAGs the user may access. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 | A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 | Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 | Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 | In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 | In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 | Apache-airflow 1.10.0 fixes an XSS vulnerability in the Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 | The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 | Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 | Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 | Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series, and 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515, but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH release of the installed MINOR version, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 | Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please review whether you have copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 | A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example, when they depended on past runs and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 | Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server that listens on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. This also presented a Local File Disclosure vulnerability for any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 | Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 | Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious Airflow user on site A, where they log in normally, to access an unauthorized Airflow Webserver on site B through the session from site A. This does not affect users who have changed the default value for the `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 | Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 | Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return a "Cache-Control" header for dynamic content, which in the case of some browsers could result in sensitive data being stored in the browser's local cache. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 | In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 | The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 | Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 | In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 | It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 | In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 | The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944, but the fix implemented in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 | Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 | Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 | Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 | Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leads to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 | Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 | Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 | Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes. This could let them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 | Affected versions of Apache Airflow allow authenticated Ops and Viewer users to view all information in audit logs, including DAG names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default; they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 | Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config, then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 | Affected versions of Airflow have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 | In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 | In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag, which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables, by default, the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 | Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context as well as bypassing the limitations on the access the user has to certain DAGs. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 | Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 | In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 | Affected versions of Apache Airflow contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 | Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in the 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 | Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 | Affected versions of Apache Airflow have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes. This could let them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 | A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the password of the user has been reset by the admin, up until the expiry of the user's session. Other than manually cleaning the session database (for the database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 | Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 | In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow Metadatabase. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 | A vulnerability in the Example DAGs of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of the "enable_xcom_pickling=False" configuration setting, resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/DAG in the UI to craft a URL which could lead to unmasking the secret configuration of the task that would otherwise be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed). |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 | Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 | Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 | In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 | In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 | Apache-airflow 1.10.0 fixes an XSS vulnerability in the Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 | The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 | Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 | Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 | Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and affects 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 | Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please review whether you have copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 | A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 | Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server that listens on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 | Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 | Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A, where they log in normally, to access an unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for the `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 | Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 | Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return a "Cache-Control" header for dynamic content, which in the case of some browsers could result in potentially storing sensitive data in the local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 | In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 | The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 | Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 | In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 | It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | >=0,<2.4.1 | In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 | The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 | Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version that masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 | Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 | Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 | Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 | Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 | Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 | Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 | Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default; they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 | Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 | Affected Airflow versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 | In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 | In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag, which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables the testing of connections in the UI, API and CLI by default for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 | Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows code to be executed in the webserver context and bypasses the limitations on the access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 | Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 | In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 | Affected versions of Apache Airflow contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 | Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in the 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 | Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 | Affected versions of Apache Airflow have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 | A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for the database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 | Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 | In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 | A vulnerability in the Example DAGs of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed). |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
cryptography | 2.2.2 | <39.0.1 | Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | >=1.8,<39.0.1 | Cryptography 39.0.1 includes a fix for CVE-2023-23931: In affected versions 'Cipher.update_into' would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as 'bytes') to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This issue has been present since 'update_into' was originally introduced in cryptography 1.8. |
cryptography | 2.2.2 | <3.3.2 | Cryptography 3.3.2 includes a fix for CVE-2020-36242: certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. |
cryptography | 2.2.2 | <42.0.8 | The `cryptography` library has updated its BoringSSL and OpenSSL dependencies in CI due to a security concern. Specifically, the issue involves the functions `EVP_PKEY_param_check()` and `EVP_PKEY_public_check()`, which are used to check DSA public keys or parameters. These functions can experience significant delays when processing excessively long DSA keys or parameters, potentially leading to a Denial of Service (DoS) if the input is from an untrusted source. The vulnerability arises because the key and parameter check functions do not limit the modulus size during checks, despite OpenSSL not allowing public keys with a modulus over 10,000 bits for signature verification. This issue affects applications that directly call these functions and the OpenSSL `pkey` and `pkeyparam` command-line applications with the `-check` option. The OpenSSL SSL/TLS implementation is not impacted, but the OpenSSL 3.0 and 3.1 FIPS providers are affected by this vulnerability. |
cryptography | 2.2.2 | <42.0.0 | Cryptography starting from version 42.0.0 updates its CI configurations to use newer versions of BoringSSL or OpenSSL as a countermeasure to CVE-2023-5678. This vulnerability, affecting the package, could cause Denial of Service through specific DH key generation and verification functions when given overly long parameters. |
cryptography | 2.2.2 | >=0.8,<41.0.3 | Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for a Denial of Service vulnerability. https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2 https://www.openssl.org/news/secadv/20230719.txt |
cryptography | 2.2.2 | <39.0.1 | Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <3.3 | Cryptography 3.3 no longer allows loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing. https://github.com/pyca/cryptography/pull/5592 |
cryptography | 2.2.2 | >=0.8,<41.0.3 | Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for a Denial of Service vulnerability. https://github.com/pyca/cryptography/commit/b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d https://www.openssl.org/news/secadv/20230731.txt |
cryptography | 2.2.2 | <42.0.5 | Cryptography version 42.0.5 introduces a limit on the number of name constraint checks during X.509 path validation to prevent denial of service attacks. https://github.com/pyca/cryptography/commit/4be53bf20cc90cbac01f5f94c5d1aecc5289ba1f |
cryptography | 2.2.2 | <42.0.0 | Affected versions of Cryptography may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. |
cryptography | 2.2.2 | <39.0.1 | Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <39.0.1 | Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <39.0.1 | Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <41.0.2 | The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options. |
cryptography | 2.2.2 | >=1.9.0,<2.3 | A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. See: CVE-2018-10903. |
cryptography | 2.2.2 | <42.0.2 | The cryptography library has updated its OpenSSL dependency in CI due to security concerns. This vulnerability arises when processing maliciously formatted PKCS12 files, which can cause OpenSSL to crash, leading to a potential Denial of Service (DoS) attack. PKCS12 files, often containing certificates and keys, may come from untrusted sources. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly handle these cases, resulting in a NULL pointer dereference and subsequent crash. Applications using OpenSSL APIs, such as PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes(), and PKCS12_newpass(), are vulnerable if they process PKCS12 files from untrusted sources. Although a similar issue in SMIME_write_PKCS7() was fixed, it is not considered significant for security as it pertains to data writing. This issue does not affect the FIPS modules in versions 3.2, 3.1, and 3.0. |
cryptography | 2.2.2 | <39.0.1 | Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <39.0.1 | Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | >=0.8,<41.0.3 | Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for CVE-2023-2975: AES-SIV implementation ignores empty associated data entries. https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2 https://www.openssl.org/news/secadv/20230714.txt |
cryptography | 2.2.2 | <39.0.1 | Cryptography 39.0.1 includes a fix for CVE-2022-3996, a DoS vulnerability affecting openssl. https://github.com/pyca/cryptography/issues/7940 |
cryptography | 2.2.2 | <41.0.5 | Cryptography 41.0.5 updates Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.4, which includes a security fix. |
cryptography | 2.2.2 | <=3.2 | Cryptography 3.2 and prior are vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. |
cryptography | 2.2.2 | <39.0.1 | Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <41.0.0 | Cryptography 41.0.0 updates its dependency 'OpenSSL' to v3.1.1 to include a security fix. https://github.com/pyca/cryptography/commit/8708245ccdeaff21d65eea68a4f8d2a7c5949a22 |
cryptography | 2.2.2 | <41.0.4 | Cryptography 41.0.4 updates Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.3, which includes a security fix. https://github.com/pyca/cryptography/commit/fc11bce6930e591ce26a2317b31b9ce2b3e25512 |
apache-airflow | 1.9.0 | >=0,<2.5.1 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 | Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 | Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 | In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow affected versions are affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 | In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case the Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 | Apache-airflow 1.10.0 fixes an XSS vulnerability in the Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 | The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 | Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 | Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow affected versions are affected by a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15, >=2.0.0a1,<2.0.2 | Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and affects 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 | Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please review whether you have copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 | A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 | Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server that listens on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 | Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow affected versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 | Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 | Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 | Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return the "Cache-Control" header for dynamic content, which in the case of some browsers could result in potentially storing sensitive data in the local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 | In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 | The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 | Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if traceback is shown to unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected version of Apache-airflow are vulnerable to Privilege Context Switching Error. File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
Affected Airflow versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the Celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag, which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache-airflow 2.7.0 disables, by default, the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context of the SSL library did not check the server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows code execution in the webserver context and bypasses the limitations on the access the user has to certain DAGs. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 if the Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in the 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could let them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the password of the user has been reset by the admin, up until the expiry of the user's session. Other than manually cleaning the session database (for the database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password was logged in plain text in the Log table in the Airflow Metadatabase. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of the "enable_xcom_pickling=False" configuration setting, resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI to craft a URL which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 if the Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
Apache-airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 |
In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow affected versions are affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 if the Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
Apache-airflow 1.10.0 fixes an XSS vulnerability in the Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow affected versions are affected by a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series, and 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515, but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH release of the installed MINOR version, for example update to Python 3.6.13 if you are on Python 3.6 (those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please review whether you have copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server listening on a specific port, bound to 0.0.0.0 by default. This logging server had no authentication and allowed reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow affected versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A, where they log in normally, to access the unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for the `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return a "Cache-Control" header for dynamic content, which in the case of some browsers could result in potentially storing sensitive data in the local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944, but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leads to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 if the Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could let them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
Affected versions of Apache Airflow allow authenticated Ops and Viewer users to view all information in audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default; they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config, then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Airflow versions affected versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 which concerned API, not UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables, by default, the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the "Validation of OpenSSL Certificate" vulnerability. The default SSL context with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 | Execution with Unnecessary Privileges / Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context as well as bypassing the limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 | Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 | In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 | Affected Apache Airflow versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 | Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in the 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 | Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 | Affected Apache Airflow versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes. This could let them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 | A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the password of the user has been reset by the admin, up until the expiry of the user's session. Other than manually cleaning the session database (for the database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 | Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 | In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 | A vulnerability in the Example DAGs of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of the "enable_xcom_pickling=False" configuration setting, resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/DAG in the UI to craft a URL which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 | A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow and Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.0.0b1 | Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 | Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 | In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 | Affected Apache Airflow versions have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 | In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 | Apache-airflow 1.10.0 fixes an XSS vulnerability in the Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 | The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 | Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 | Apache-airflow 2.2.5 includes a fix for a race condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 | Affected Apache Airflow versions have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 | Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploits. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and affects 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515, but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH release of the installed MINOR version, for example update to Python 3.6.13 if you are on Python 3.6 (those contain the fix for CVE-2021-23336, https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 | The example DAG example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please review whether you have copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 | A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they depended on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 | Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: if remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server that listens on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allowed reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. This also presented a local file disclosure vulnerability for any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 | Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 | Affected Apache Airflow versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 | Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with the default config allows a malicious airflow user on site A, where they log in normally, to access an unauthorized Airflow Webserver on site B through the session from site A. This does not affect users who have changed the default value for the `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 | Affected Apache Airflow versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 | Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return a "Cache-Control" header for dynamic content, which in the case of some browsers could result in potentially storing sensitive data in the local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 | In Apache Airflow before 1.10.5, when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 | The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions, which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 | Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 | In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS command injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 | It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | >=0,<2.4.1 | In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 | The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploits. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944, but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 | Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 | Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 | Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 | Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leads to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 | Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 | Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache-airflow 2.7.0 disables by default the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context and bypassing the limitations on the access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in the 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the password of the user has been reset by the admin, up until the expiry of the session of the user. Other than manually cleaning the session database (for the database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow Metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of the "enable_xcom_pickling=False" configuration setting, resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
Apache-airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 |
In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
Affected versions of Apache Airflow contain a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
Apache-airflow 1.10.0 fixes an XSS vulnerability in the Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
Affected versions of Apache Airflow contain a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series, and 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515, but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please review whether you have copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server which listens on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability for any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A, where they log in normally, to access the unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for the `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return a "Cache-Control" header for dynamic content, which in the case of some browsers could result in potentially storing sensitive data in the local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944, but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
Affected versions of Apache-airflow are vulnerable to Privilege Context Switching Error. File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leads to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Airflow versions affected versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 which concerned API, not UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables, by default, the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 | Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context as well as bypassing the limitations on the access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 | Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 | In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 | Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 | Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in the 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 | Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 | Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 | A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the password of the user has been reset by the admin, up until the expiry of the session of the user. Other than manually cleaning the session database (for the database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 | Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 | In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 | A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of the "enable_xcom_pickling=False" configuration setting, resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI to craft a URL which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 | A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.0.0b1 | Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 | Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 | In Apache Airflow <1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 | In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 | Apache-airflow 1.10.0 fixes an XSS vulnerability in the Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 | The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 | Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 | Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15, >=2.0.0a1,<2.0.2 | Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and affects 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 | Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please check that you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 | A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 | Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server that listens on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 | Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 | Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A, where they log in normally, to access the unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for the `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 | Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 | Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return a "Cache-Control" header for dynamic content, which in the case of some browsers could result in potentially storing sensitive data in the local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 | In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 | The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 | Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 | In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 | It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | >=0,<2.4.1 | In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 | The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 | Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Affected versions of Airflow have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables default allowing the testing of connections in UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context as well as bypassing the limitations on the access the user has to certain DAGs. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow Metadata Database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | >=1.8,<39.0.1 |
show Cryptography 39.0.1 includes a fix for CVE-2023-23931: In affected versions 'Cipher.update_into' would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as 'bytes') to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This issue has been present since 'update_into' was originally introduced in cryptography 1.8. |
cryptography | 2.2.2 | <3.3.2 |
show Cryptography 3.3.2 includes a fix for CVE-2020-36242: certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. |
cryptography | 2.2.2 | <42.0.8 |
show The `cryptography` library has updated its BoringSSL and OpenSSL dependencies in CI due to a security concern. Specifically, the issue involves the functions `EVP_PKEY_param_check()` and `EVP_PKEY_public_check()`, which are used to check DSA public keys or parameters. These functions can experience significant delays when processing excessively long DSA keys or parameters, potentially leading to a Denial of Service (DoS) if the input is from an untrusted source. The vulnerability arises because the key and parameter check functions do not limit the modulus size during checks, despite OpenSSL not allowing public keys with a modulus over 10,000 bits for signature verification. This issue affects applications that directly call these functions and the OpenSSL `pkey` and `pkeyparam` command-line applications with the `-check` option. The OpenSSL SSL/TLS implementation is not impacted, but the OpenSSL 3.0 and 3.1 FIPS providers are affected by this vulnerability. |
cryptography | 2.2.2 | <42.0.0 |
show Cryptography starting from version 42.0.0 updates its CI configurations to use newer versions of BoringSSL or OpenSSL as a countermeasure to CVE-2023-5678. This vulnerability, affecting the package, could cause Denial of Service through specific DH key generation and verification functions when given overly long parameters. |
cryptography | 2.2.2 | >=0.8,<41.0.3 |
show Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for a Denial of Service vulnerability. https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2 https://www.openssl.org/news/secadv/20230719.txt |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <3.3 |
show Cryptography 3.3 no longer allows loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing. https://github.com/pyca/cryptography/pull/5592 |
cryptography | 2.2.2 | >=0.8,<41.0.3 |
show Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for a Denial of Service vulnerability. https://github.com/pyca/cryptography/commit/b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d https://www.openssl.org/news/secadv/20230731.txt |
cryptography | 2.2.2 | <42.0.5 |
show Cryptography version 42.0.5 introduces a limit on the number of name constraint checks during X.509 path validation to prevent denial of service attacks. https://github.com/pyca/cryptography/commit/4be53bf20cc90cbac01f5f94c5d1aecc5289ba1f |
cryptography | 2.2.2 | <42.0.0 |
show Affected versions of Cryptography may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <41.0.2 |
show The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options. |
cryptography | 2.2.2 | >=1.9.0,<2.3 |
show A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. See: CVE-2018-10903. |
cryptography | 2.2.2 | <42.0.2 |
show The cryptography library has updated its OpenSSL dependency in CI due to security concerns. This vulnerability arises when processing maliciously formatted PKCS12 files, which can cause OpenSSL to crash, leading to a potential Denial of Service (DoS) attack. PKCS12 files, often containing certificates and keys, may come from untrusted sources. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly handle these cases, resulting in a NULL pointer dereference and subsequent crash. Applications using OpenSSL APIs, such as PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes(), and PKCS12_newpass(), are vulnerable if they process PKCS12 files from untrusted sources. Although a similar issue in SMIME_write_PKCS7() was fixed, it is not considered significant for security as it pertains to data writing. This issue does not affect the FIPS modules in versions 3.2, 3.1, and 3.0. |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | >=0.8,<41.0.3 |
show Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for CVE-2023-2975: AES-SIV implementation ignores empty associated data entries. https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2 https://www.openssl.org/news/secadv/20230714.txt |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 includes a fix for CVE-2022-3996, a DoS vulnerability affecting openssl. https://github.com/pyca/cryptography/issues/7940 |
cryptography | 2.2.2 | <41.0.5 |
show Cryptography 41.0.5 updates Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.4, that includes a security fix. |
cryptography | 2.2.2 | <=3.2 |
show Cryptography 3.2 and prior are vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <41.0.0 |
show Cryptography 41.0.0 updates its dependency 'OpenSSL' to v3.1.1 to include a security fix. https://github.com/pyca/cryptography/commit/8708245ccdeaff21d65eea68a4f8d2a7c5949a22 |
cryptography | 2.2.2 | <41.0.4 |
show Cryptography 41.0.4 updates Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.3, that includes a security fix. https://github.com/pyca/cryptography/commit/fc11bce6930e591ce26a2317b31b9ce2b3e25512 |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as it is recommended by Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow contain a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow allow unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
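The session-sharing problem above follows directly from how Flask signs its session cookie: the cookie is a payload plus a MAC under the application's secret_key, so two deployments that both keep the shipped default will accept each other's cookies. The following is an added illustration, not Airflow or Flask code: it uses a minimal HMAC-SHA256 stand-in for Flask's itsdangerous format (standard library only), and the default value it assumes for `[webserver] secret_key` (`temporary_key`) is an assumption about the pre-1.10.14 default; any value shared by two sites has the same effect.

```python
"""Added illustration of the shared-secret_key problem; not Airflow or Flask code.

A Flask session cookie is payload-plus-MAC under the app's secret_key, so two
deployments that both keep the shipped default accept each other's cookies.
The signing scheme here is a minimal stand-in (HMAC-SHA256, stdlib only), not
Flask's exact itsdangerous format, but the trust consequence is identical.
"""
import base64
import hashlib
import hmac
import json
import secrets

# Assumption for the demo: the pre-1.10.14 shipped default of
# [webserver] secret_key. Any value common to two sites behaves the same way.
SHARED_DEFAULT_KEY = "temporary_key"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_session(secret: str, payload: dict) -> str:
    """Mint a cookie: base64(payload) '.' base64(HMAC-SHA256(secret, body))."""
    body = _b64(json.dumps(payload, sort_keys=True).encode())
    mac = hmac.new(secret.encode(), body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(mac)}"


def verify_session(secret: str, cookie: str):
    """Return the payload if the MAC verifies under `secret`, otherwise None."""
    try:
        body, sig = cookie.rsplit(".", 1)
        expected = hmac.new(secret.encode(), body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None
        return json.loads(_unb64(body))
    except ValueError:  # malformed cookie, bad base64 or bad JSON
        return None


def cross_site_replay(key_site_a: str, key_site_b: str) -> bool:
    """True when a cookie minted by site A is accepted as a valid session on site B."""
    cookie_from_a = sign_session(key_site_a, {"user_id": 1, "_fresh": True})
    return verify_session(key_site_b, cookie_from_a) is not None


if __name__ == "__main__":
    print("both sites on the shipped default:",
          cross_site_replay(SHARED_DEFAULT_KEY, SHARED_DEFAULT_KEY))
    print("each site with its own random key:",
          cross_site_replay(secrets.token_urlsafe(32), secrets.token_urlsafe(32)))
```

The second call is the fixed state: once every deployment has its own random key (which 1.10.14 generates, see the entry further down), a cookie from site A is just an invalid signature on site B. Note that user ids are small integers in Airflow's metadata database, so a replayed cookie for `user_id = 1` typically maps onto a real, often administrative, account on the other site.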
apache-airflow | 1.9.0 | <2.9.1 |
show Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to Airflow 2.10.3, which masks secrets in task logs and prevents the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if traceback is shown to unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache Airflow are vulnerable to a privilege context switching error: the File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Affected versions of Airflow have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API rather than the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
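The umask race above and the log-folder permission issue further up both end the same way: files or directories under the Airflow home that grant write access to "other". The following is an added example, not Airflow code, that walks a directory tree and reports and repairs such entries; the sample tree it builds (a correct log file next to an over-permissive pid file and dags folder) is constructed here so the check runs offline.

```python
"""Added example (not Airflow code): find and fix world-writable entries under an
Airflow home directory, the state the daemon-mode umask race can leave behind.
The sample tree is constructed here so the check runs offline."""
import os
import stat
import tempfile
from pathlib import Path


def world_writable(root: str) -> list:
    """Relative paths under `root` (root itself included) whose mode grants write to 'other'.

    lstat is used so a symlink is judged by its own mode and never followed."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            if os.lstat(path).st_mode & stat.S_IWOTH:
                hits.append(os.path.relpath(path, root))
    return sorted(hits)


def strip_world_write(root: str) -> list:
    """Clear the other-write bit on every hit; returns what was changed."""
    fixed = []
    for rel in world_writable(root):
        path = os.path.join(root, rel)
        if os.path.islink(path):
            continue  # chmod would act on the target, not the link
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        os.chmod(path, mode & ~stat.S_IWOTH)
        fixed.append(rel)
    return fixed


def build_demo_home() -> str:
    """Constructed AIRFLOW_HOME with one correct and two over-permissive entries."""
    home = tempfile.mkdtemp(prefix="airflow_home_")
    os.chmod(home, 0o750)
    logs = Path(home, "logs")
    logs.mkdir()
    os.chmod(logs, 0o755)  # explicit chmod: mkdir's mode argument is umask-filtered
    (logs / "scheduler.log").write_text("constructed log line\n")
    os.chmod(logs / "scheduler.log", 0o640)
    pid = Path(home, "airflow-webserver.pid")  # what a race under umask 0 would leave
    pid.write_text("4242\n")
    os.chmod(pid, 0o666)
    dags = Path(home, "dags")
    dags.mkdir()
    os.chmod(dags, 0o777)
    return home


if __name__ == "__main__":
    home = build_demo_home()
    print("world-writable:", world_writable(home))
    print("fixed:", strip_world_write(home))
    print("after fix:", world_writable(home))
```

Run it against a real `$AIRFLOW_HOME` by calling `world_writable` on that path instead of the constructed tree; a world-writable `dags` folder is the more serious finding, since any local user can then drop a DAG that the scheduler will parse and execute.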
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables connection testing in the UI, API and CLI by default for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by a certificate validation vulnerability. The default SSL context did not verify the server's X.509 certificate; instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows code execution in the webserver context and allows the user to bypass the access limitations they have on certain DAGs. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the admin has reset their password, until their session expires. Other than manually cleaning the session database (for the database session backend), or changing `[webserver] secret_key` and restarting the webserver (which logs out every user), there was no mechanism to force-logout the user. With this fix, when using the database session backend, the user's existing sessions are invalidated when their password is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secret key and restarting the webserver (logging out all other users), but the admin resetting the password is warned about this with a flash message in the UI. Documentation is also updated to explain this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow allow an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
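Several entries in this report are not code bugs but insecure defaults or settings: the shared default `secret_key`, `load_examples`, `expose_config`, `enable_xcom_pickling`, connection testing, the log-folder permission setting and the unauthenticated experimental API backend. The following is an added example, not Airflow code, that audits an `airflow.cfg` for those settings. The `[section] option` names are Airflow's real keys (in Airflow 2.3+ the API key is the plural `auth_backends`; the singular form is what older releases used); the predicates, messages and the two constructed sample configurations are this example's own, and the shipped-default secret value it looks for (`temporary_key`) is an assumption.

```python
"""Added example (not Airflow code): audit an airflow.cfg for the insecure settings
discussed in this report. The [section] option names are Airflow's real keys; the
predicates, messages and the two sample configs are this example's own, and the
shipped-default secret value checked for ("temporary_key") is an assumption."""
import configparser
import secrets


def _truthy(v: str) -> bool:
    return v.strip().lower() in {"true", "1", "yes", "on"}


def _not_false(v: str) -> bool:
    return v.strip().lower() not in {"false", "0", "no", "off"}


# (section, option, flag-if-true predicate on the raw value, finding text)
# Note: Airflow 2.3+ spells the API option "auth_backends"; add a twin rule if needed.
RULES = [
    ("webserver", "secret_key", lambda v: v.strip() in {"", "temporary_key"},
     "shared default secret_key: sessions minted by any deployment using the same key are valid here"),
    ("core", "load_examples", _truthy,
     "example DAGs are loaded; several of them shipped with command injection"),
    ("webserver", "expose_config", _not_false,
     "configuration page exposed; before 2.9 'non-sensitive-only' still showed sensitive celery settings"),
    ("core", "enable_xcom_pickling", _truthy,
     "XCom values are unpickled on read"),
    ("core", "test_connection", lambda v: v.strip().lower() != "disabled",
     "connection testing is reachable from the UI, API or CLI"),
    ("logging", "file_task_handler_new_folder_permissions", lambda v: int(v, 8) & 0o022 != 0,
     "new log folders are group- or world-writable; the advisory above recommends 0o755"),
    ("api", "auth_backend", lambda v: v.strip().endswith(".default"),
     "API auth backend 'default' allows unauthenticated requests"),
]


def audit(cfg_text: str) -> dict:
    """Return {'findings': [(section.option, message)], 'unset': [section.option]}.

    An unset option falls back to the installed version's compiled-in default, which
    differs across releases, so it is reported separately rather than guessed at."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(cfg_text)
    findings, unset = [], []
    for section, option, is_bad, message in RULES:
        key = f"{section}.{option}"
        if not cp.has_option(section, option):
            unset.append(key)
            continue
        if is_bad(cp.get(section, option)):
            findings.append((key, message))
    return {"findings": findings, "unset": unset}


def flagged(cfg_text: str) -> list:
    """Sorted keys of the options the audit objects to."""
    return sorted(key for key, _ in audit(cfg_text)["findings"])


# Constructed sample: the weak settings discussed in the report, side by side.
WEAK_CFG = """
[core]
load_examples = True
enable_xcom_pickling = False
test_connection = Enabled

[webserver]
secret_key = temporary_key
expose_config = non-sensitive-only

[logging]
file_task_handler_new_folder_permissions = 0o775

[api]
auth_backend = airflow.api.auth.backend.default
"""

# The same file with each setting corrected (secret generated per deployment).
HARDENED_CFG = f"""
[core]
load_examples = False
enable_xcom_pickling = False
test_connection = Disabled

[webserver]
secret_key = {secrets.token_urlsafe(32)}
expose_config = False

[logging]
file_task_handler_new_folder_permissions = 0o755

[api]
auth_backend = airflow.api.auth.backend.deny_all
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CFG), ("hardened", HARDENED_CFG)):
        result = audit(cfg)
        print(f"{name}: {len(result['findings'])} finding(s), {len(result['unset'])} unset")
        for key, message in result["findings"]:
            print(f"  {key}: {message}")
```

To audit a live deployment, feed `audit()` the contents of `$AIRFLOW_HOME/airflow.cfg`; for any key it reports as unset, confirm the effective value with `airflow config get-value <section> <option>` rather than assuming the default, since the defaults for these options changed across the releases listed in this report.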
apache-airflow | 1.9.0 | >=0,<2.3.0 |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if traceback is shown to unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected version of Apache-airflow are vulnerable to Privilege Context Switching Error. File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Airflow versions affected versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 which concerned API, not UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables by default the testing of connections in UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 | Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context and bypassing the limitations on which DAGs the user may access. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 | Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 | In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 | Affected versions of Apache Airflow contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 | Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in the 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 | Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 | Affected versions of Apache Airflow have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 | A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the password of the user has been reset by the admin, up until the expiry of the session of the user. Other than manually cleaning the session database (for the database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 | Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 | In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 | A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of the "enable_xcom_pickling=False" configuration setting, resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI to craft a URL which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 | A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.0.0b1 | Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 | Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 | In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leads to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Affected versions of Airflow have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables, by default, the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context as well as bypassing the limitations on the access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 | Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 | Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 | In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 | In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 | Apache-airflow 1.10.0 fixes an XSS vulnerability in the Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 | The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 | Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 | Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 | Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 | Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please review whether you have copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 | A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 | Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 | Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 | Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 | Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 | Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 | In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 | The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 | Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 | In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 | It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 | In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 | The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 | Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 | Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 | Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 | Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leads to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 | Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 | Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 | Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 | Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 | Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 | Affected versions of Airflow have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 | In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 | In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables, by default, the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 | Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context as well as bypassing the limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 | Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 | In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 | Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 | Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 | Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 | Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 | A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 | Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 | In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 | A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as it is recommended by Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions are affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiates arbitrary objects. https://github.com/apache/airflow/pull/32176 |
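Added example (not Airflow's code and not part of this report) illustrating the deserialization hazard behind the two XCom entries above, the enable_xcom_pickling bypass and the xcomEntries deserialize flag: a pickle payload runs code the moment it is loaded, a JSON-only path rejects it outright, and a restricted Unpickler with an allowlist refuses the gadget even when pickling is enabled. The Poison class, the marker function standing in for the attacker's side effect, and the allowlist are constructed for the demonstration.

```python
"""Pickle deserialization runs code; a JSON-only or allowlisted loader does not."""
import io
import json
import pickle

TRIGGERED: list[str] = []  # records every time the constructed "payload" actually executes


def marker(tag: str) -> str:
    """Stand-in for the side effect a real gadget would run (os.system, subprocess, ...)."""
    TRIGGERED.append(tag)
    return tag


class Poison:
    """Constructed object whose pickle reconstructs by calling marker(): the shape of a pickle RCE gadget."""

    def __reduce__(self):
        return (marker, ("payload-ran",))


def make_payloads() -> tuple[bytes, bytes]:
    """A benign pickled dict and a poisoned pickle, as a DAG author could push into XCom."""
    return pickle.dumps({"rows": 3}), pickle.dumps(Poison())


def unsafe_deserialize(blob: bytes):
    """What enable_xcom_pickling=True effectively does: trust the bytes completely."""
    return pickle.loads(blob)


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse every global except a short allowlist of plain data types (constructed list)."""

    ALLOWED = {("builtins", "dict"), ("builtins", "list"), ("builtins", "set"), ("builtins", "tuple")}

    def find_class(self, module: str, name: str):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to load global {module}.{name}")


def try_deserialize(blob: bytes, pickling_enabled: bool = False) -> tuple[str, object]:
    """Return ('ok', value) or ('refused', exception name) without letting a gadget run."""
    try:
        if not pickling_enabled:
            # Pickling disabled: only JSON is acceptable. Pickle bytes start with 0x80 and are
            # neither valid UTF-8 nor valid JSON, so they are rejected before any object exists.
            return "ok", json.loads(blob.decode("utf-8"))
        return "ok", RestrictedUnpickler(io.BytesIO(blob)).load()
    except (ValueError, pickle.UnpicklingError) as exc:  # UnicodeDecodeError/JSONDecodeError are ValueErrors
        return "refused", type(exc).__name__


if __name__ == "__main__":
    benign, poison = make_payloads()
    print(try_deserialize(benign, pickling_enabled=True))   # ('ok', {'rows': 3})
    print(try_deserialize(poison, pickling_enabled=True))   # ('refused', 'UnpicklingError')
    print(try_deserialize(poison))                          # ('refused', 'UnicodeDecodeError')
    print(unsafe_deserialize(poison), TRIGGERED)            # payload-ran ['payload-ran']
```

The allowlisted loader still accepts the benign dict, so the defence costs nothing for the data XCom is meant to carry; the point of the restricted find_class is that the decision is made before the gadget's callable is ever resolved.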
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the Apache Airflow Pig Provider allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow version prior to 2.3.0 in case the Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
Apache-airflow 1.10.0 fixes an XSS vulnerability in the Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
Apache Airflow, versions before 2.8.1, has a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
Apache-airflow 2.2.5 includes a fix for a race condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and versions 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515, but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH release of the installed MINOR version, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
The example DAG example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please review whether you have copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server which listens on a specific port and also binds to 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. This also presented a local file disclosure vulnerability for any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. The local file task handler incorrectly sets write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
Incorrect Session Validation in the Apache Airflow Webserver in versions prior to 1.10.14 with the default config allows a malicious Airflow user on site A, where they log in normally, to access an unauthorized Airflow Webserver on site B using the session from site A. This does not affect users who have changed the default value of the `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return a "Cache-Control" header for dynamic content, which in the case of some browsers could result in storing sensitive data in the browser's local cache. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
Apache-airflow 2.3.2 and prior versions ship with a vulnerable dependency (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions, which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could mount a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944, but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
Generation of Error Message Containing Sensitive Information vulnerability in Apache Airflow. This issue affects Apache Airflow before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only to read information about task instances in other DAGs. This is a different issue from CVE-2023-42663 but leads to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the Apache Airflow Pinot Provider allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow version prior to 2.3.0 in case the Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view, through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated, DAG-view-authorized users to modify some DAG run detail values when submitting notes. This could let them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
Affected versions of Apache Airflow allow authenticated Ops and Viewer users to view all information in audit logs, including DAG names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default; they need to be explicitly granted permission to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running the airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
Affected versions of Airflow have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the Celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag, which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache-airflow 2.7.0 disables by default the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context used with the SSL library did not check the server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and abuse the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to make the server establish harmful connections. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionality, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
Apache-airflow 2.3.2 and prior versions ship with a vulnerable dependency (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
Execution with Unnecessary Privileges and Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context as well as bypassing the limits on which DAGs the user may access. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the Apache Airflow Spark Provider allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow version prior to 2.3.0 in case the Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
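Added example (not Airflow's own implementation and not part of this report) of the check behind the `/confirm` and `/login` open-redirect fixes above, which also rejects the `javascript:` provider-documentation link from the 2.10.0 entry: resolve the user-supplied target against the site's own origin and accept it only if it stays on that host with an http(s) scheme. The host name and the sample targets are placeholders constructed for the demonstration.

```python
"""Accept a redirect/link target only if it resolves to our own origin."""
from urllib.parse import urljoin, urlsplit


def is_safe_redirect(target: str, host: str) -> bool:
    """True only for targets that stay on `host` over http(s) after browser-style resolution."""
    if not target:
        return False
    # Whitespace and control characters enable header injection and scheme-parsing tricks;
    # browsers treat a backslash like a slash, so "\\evil.example" would become "//evil.example".
    if any(ord(ch) < 33 for ch in target) or "\\" in target:
        return False
    # Resolve exactly as a browser would against our origin: "//evil.example" becomes
    # "https://evil.example/", "javascript:..." keeps its scheme, "/dags/x" stays local.
    resolved = urlsplit(urljoin(f"https://{host}/", target))
    return resolved.scheme in ("http", "https") and resolved.netloc.lower() == host.lower()


def safe_redirect(target: str, host: str, fallback: str = "/home") -> str:
    """What a /login?next=... or /confirm?origin=... handler should redirect to."""
    return target if is_safe_redirect(target, host) else fallback


if __name__ == "__main__":
    host = "airflow.example"  # placeholder for the webserver's own host
    for candidate in ["/dags/example_bash/grid", "//evil.example/",
                      "javascript:prompt(document.domain)", "https://airflow.example@evil.example/"]:
        print(f"{candidate!r:45} -> {safe_redirect(candidate, host)}")
```

Comparing the resolved netloc rather than checking for a leading slash is what defeats the protocol-relative (`//host`) and userinfo (`user@host`) bypasses; the same function works for `href` values rendered from untrusted metadata, where a `javascript:` scheme is the payload.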
apache-airflow | 1.9.0 | <2.10.1 |
Affected versions of Apache Airflow contain a security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
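Added example (not Airflow's startup code and not part of this report) showing why the sys.path ordering in the entry above matters: whichever directory comes first on sys.path supplies the module, so a DAG author who can write to DAGS_FOLDER can shadow the administrator's settings module if DAGS_FOLDER is inserted before that module is imported. The module name demo_local_settings stands in for airflow_local_settings; both directories and their contents are constructed in a temporary directory.

```python
"""Module shadowing through sys.path order: DAGS_FOLDER before vs. after local settings."""
import importlib
import os
import sys
import tempfile

MODNAME = "demo_local_settings"  # stand-in for airflow_local_settings


def write_settings_module(directory: str, origin: str) -> None:
    """Drop a settings module into `directory` that records where it was loaded from."""
    with open(os.path.join(directory, MODNAME + ".py"), "w", encoding="utf-8") as fh:
        fh.write(f"ORIGIN = {origin!r}\n")


def import_local_settings(config_dir: str, dags_folder: str, dags_folder_first: bool) -> str:
    """Import the settings module with the two directories in the given order; return its ORIGIN."""
    order = [dags_folder, config_dir] if dags_folder_first else [config_dir, dags_folder]
    saved_path = sys.path[:]
    sys.modules.pop(MODNAME, None)       # force a fresh lookup each time
    sys.path[:0] = order                  # prepend, as startup code does for DAGS_FOLDER
    importlib.invalidate_caches()         # the directories were created after interpreter start
    try:
        return importlib.import_module(MODNAME).ORIGIN
    finally:
        sys.path[:] = saved_path
        sys.modules.pop(MODNAME, None)


def demo() -> tuple[str, str]:
    """Return (ORIGIN with the vulnerable order, ORIGIN with the fixed order)."""
    with tempfile.TemporaryDirectory() as root:
        config_dir = os.path.join(root, "config")   # administrator-controlled
        dags_folder = os.path.join(root, "dags")    # writable by DAG authors
        os.makedirs(config_dir)
        os.makedirs(dags_folder)
        write_settings_module(config_dir, "admin settings")
        write_settings_module(dags_folder, "DAG-author settings")  # the constructed "malicious" copy
        vulnerable = import_local_settings(config_dir, dags_folder, dags_folder_first=True)
        fixed = import_local_settings(config_dir, dags_folder, dags_folder_first=False)
    return vulnerable, fixed


if __name__ == "__main__":
    vulnerable, fixed = demo()
    print("DAGS_FOLDER first :", vulnerable)  # DAG-author settings
    print("local settings first:", fixed)     # admin settings
```

Module-level code in the shadowing file runs at import time, so in the vulnerable order the DAG author's code executes inside the scheduler and webserver processes, not just inside a task; that is the privilege boundary the reordering restores.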
apache-airflow | 1.9.0 | <2.1.1 |
Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in the 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
Affected versions of Apache Airflow have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and the logs aren't protected, it is recommended to rotate those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated, DAG-view-authorized users to modify some DAG run detail values when submitting notes. This could let them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the user's password has been reset by the admin, up until the expiry of the user's session. Other than manually cleaning the session database (for the database session backend), or changing the secret_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with it). With this fix, when using the database session backend, the existing sessions of the user are invalidated when the user's password is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secret key and restarting the webserver (which logs out all other users), but the user resetting the password is informed about this with a flash message warning displayed in the UI. Documentation is also updated to explain this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case the Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
show Cryptography starting from version 42.0.0 updates its CI configurations to use newer versions of BoringSSL or OpenSSL as a countermeasure to CVE-2023-5678. This vulnerability, affecting the package, could cause Denial of Service through specific DH key generation and verification functions when given overly long parameters. |
cryptography | 2.2.2 | >=0.8,<41.0.3 |
show Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for a Denial of Service vulnerability. https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2 https://www.openssl.org/news/secadv/20230719.txt |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <3.3 |
show Cryptography 3.3 no longer allows loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing. https://github.com/pyca/cryptography/pull/5592 |
cryptography | 2.2.2 | >=0.8,<41.0.3 |
show Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for a Denial of Service vulnerability. https://github.com/pyca/cryptography/commit/b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d https://www.openssl.org/news/secadv/20230731.txt |
cryptography | 2.2.2 | <42.0.5 |
show Cryptography version 42.0.5 introduces a limit on the number of name constraint checks during X.509 path validation to prevent denial of service attacks. https://github.com/pyca/cryptography/commit/4be53bf20cc90cbac01f5f94c5d1aecc5289ba1f |
cryptography | 2.2.2 | <42.0.0 |
show Affected versions of Cryptography may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <41.0.2 |
show The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options. |
cryptography | 2.2.2 | >=1.9.0,<2.3 |
show A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. See: CVE-2018-10903. |
cryptography | 2.2.2 | <42.0.2 |
show The cryptography library has updated its OpenSSL dependency in CI due to security concerns. This vulnerability arises when processing maliciously formatted PKCS12 files, which can cause OpenSSL to crash, leading to a potential Denial of Service (DoS) attack. PKCS12 files, often containing certificates and keys, may come from untrusted sources. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly handle these cases, resulting in a NULL pointer dereference and subsequent crash. Applications using OpenSSL APIs, such as PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes(), and PKCS12_newpass(), are vulnerable if they process PKCS12 files from untrusted sources. Although a similar issue in SMIME_write_PKCS7() was fixed, it is not considered significant for security as it pertains to data writing. This issue does not affect the FIPS modules in versions 3.2, 3.1, and 3.0. |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | >=0.8,<41.0.3 |
show Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for CVE-2023-2975: AES-SIV implementation ignores empty associated data entries. https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2 https://www.openssl.org/news/secadv/20230714.txt |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 includes a fix for CVE-2022-3996, a DoS vulnerability affecting openssl. https://github.com/pyca/cryptography/issues/7940 |
cryptography | 2.2.2 | <41.0.5 |
show Cryptography 41.0.5 updates Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.4, which includes a security fix. |
cryptography | 2.2.2 | <=3.2 |
show Cryptography 3.2 and prior are vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <41.0.0 |
show Cryptography 41.0.0 updates its dependency 'OpenSSL' to v3.1.1 to include a security fix. https://github.com/pyca/cryptography/commit/8708245ccdeaff21d65eea68a4f8d2a7c5949a22 |
cryptography | 2.2.2 | <41.0.4 |
show Cryptography 41.0.4 updates Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.3, which includes a security fix. https://github.com/pyca/cryptography/commit/fc11bce6930e591ce26a2317b31b9ce2b3e25512 |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515, but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH release of the installed MINOR version, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please check that you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they depended on past runs and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with the default config allows a malicious airflow user on site A, where they log in normally, to gain unauthorized access to the Airflow Webserver on site B through the session from site A. This does not affect users who have changed the default value for the `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return a "Cache-Control" header for dynamic content, which in the case of some browsers could result in sensitive data being stored in the browser's local cache. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leads to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Affected Airflow versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables, by default, the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context and bypassing the limitations on the user's access to certain DAGs. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes an XSS vulnerability in the Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515, but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH release of the installed MINOR version, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please check that you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example, when they depended on past runs and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944, but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version that masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 | Affected Airflow versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 which concerned API, not UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 | In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 | In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables, by default, the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 | Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows code execution in the webserver context and bypasses the limitations on which DAGs the user may access. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 | Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 | In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 | Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 | Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 | Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 | Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 | A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 | Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 | In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 | A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 | A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 | Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 | Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 | In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 | In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 | Apache-airflow 1.10.0 fixes an XSS vulnerability in the Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 | The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 | Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 | Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 | Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 | Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 | A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 | Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 | Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow affected versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 | Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 | Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 | Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 | In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 | The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 | Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 | In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 | It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 | In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 | The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 | Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 | Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 | Affected versions of Apache-airflow are vulnerable to Privilege Context Switching Error. File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 | Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Airflow versions affected versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 which concerned API, not UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables default allowing the testing of connections in UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Spark Provider installed). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed). |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.0.0b1 | Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 | Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 | In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 | In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 | Apache-airflow 1.10.0 fixes an XSS vulnerability in the Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 | The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 | Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 | Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15, >=2.0.0a1,<2.0.2 | Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and affects 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 | Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please review whether you have copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 | A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 | Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server that listens on a specific port and also binds to 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 | Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | >=0,<1.10.14 | Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with the default config allows a malicious airflow user on site A, where they log in normally, to access an unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for the `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 | Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 | Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return a "Cache-Control" header for dynamic content, which in the case of some browsers could result in potentially storing sensitive data in the local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 | In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 | The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 | Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 | In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 | It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | >=0,<2.4.1 | In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 | The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 | Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Airflow versions affected versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 which concerned API, not UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables default allowing the testing of connections in UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Spark Provider installed). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed). |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as it is recommended by Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions are affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiates arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions are affected by a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if traceback is shown to unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected version of Apache-airflow are vulnerable to Privilege Context Switching Error. File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Airflow versions affected versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 which concerned API, not UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables default allowing the testing of connections in UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Spark Provider installed). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed). |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
cryptography | 2.2.2 | <39.0.1 | Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | >=1.8,<39.0.1 | Cryptography 39.0.1 includes a fix for CVE-2023-23931: in affected versions 'Cipher.update_into' would accept Python objects which implement the buffer protocol but provide only immutable buffers. This would allow immutable objects (such as 'bytes') to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This issue has been present since 'update_into' was originally introduced in cryptography 1.8. |
cryptography | 2.2.2 | <3.3.2 | Cryptography 3.3.2 includes a fix for CVE-2020-36242: certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. |
cryptography | 2.2.2 | <42.0.8 | The `cryptography` library has updated its BoringSSL and OpenSSL dependencies in CI due to a security concern. Specifically, the issue involves the functions `EVP_PKEY_param_check()` and `EVP_PKEY_public_check()`, which are used to check DSA public keys or parameters. These functions can experience significant delays when processing excessively long DSA keys or parameters, potentially leading to a Denial of Service (DoS) if the input is from an untrusted source. The vulnerability arises because the key and parameter check functions do not limit the modulus size during checks, despite OpenSSL not allowing public keys with a modulus over 10,000 bits for signature verification. This issue affects applications that directly call these functions and the OpenSSL `pkey` and `pkeyparam` command-line applications with the `-check` option. The OpenSSL SSL/TLS implementation is not impacted, but the OpenSSL 3.0 and 3.1 FIPS providers are affected by this vulnerability. |
cryptography | 2.2.2 | <42.0.0 | Cryptography starting from version 42.0.0 updates its CI configurations to use newer versions of BoringSSL or OpenSSL as a countermeasure to CVE-2023-5678. This vulnerability, affecting the package, could cause Denial of Service through specific DH key generation and verification functions when given overly long parameters. |
cryptography | 2.2.2 | >=0.8,<41.0.3 | Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for a Denial of Service vulnerability. https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2 https://www.openssl.org/news/secadv/20230719.txt |
cryptography | 2.2.2 | <3.3 | Cryptography 3.3 no longer allows loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing. https://github.com/pyca/cryptography/pull/5592 |
cryptography | 2.2.2 | >=0.8,<41.0.3 | Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for a Denial of Service vulnerability. https://github.com/pyca/cryptography/commit/b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d https://www.openssl.org/news/secadv/20230731.txt |
cryptography | 2.2.2 | <42.0.5 | Cryptography version 42.0.5 introduces a limit on the number of name constraint checks during X.509 path validation to prevent denial of service attacks. https://github.com/pyca/cryptography/commit/4be53bf20cc90cbac01f5f94c5d1aecc5289ba1f |
cryptography | 2.2.2 | <42.0.0 | Affected versions of Cryptography may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. |
cryptography | 2.2.2 | <41.0.2 | The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options. |
cryptography | 2.2.2 | >=1.9.0,<2.3 | A flaw was found in python-cryptography versions >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag, an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. See: CVE-2018-10903. |
cryptography | 2.2.2 | <42.0.2 | The cryptography library has updated its OpenSSL dependency in CI due to security concerns. This vulnerability arises when processing maliciously formatted PKCS12 files, which can cause OpenSSL to crash, leading to a potential Denial of Service (DoS) attack. PKCS12 files, often containing certificates and keys, may come from untrusted sources. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly handle these cases, resulting in a NULL pointer dereference and subsequent crash. Applications using OpenSSL APIs such as PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes(), and PKCS12_newpass() are vulnerable if they process PKCS12 files from untrusted sources. Although a similar issue in SMIME_write_PKCS7() was fixed, it is not considered significant for security as it pertains to data writing. This issue does not affect the FIPS modules in versions 3.2, 3.1, and 3.0. |
cryptography | 2.2.2 | >=0.8,<41.0.3 | Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for CVE-2023-2975: the AES-SIV implementation ignores empty associated data entries. https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2 https://www.openssl.org/news/secadv/20230714.txt |
cryptography | 2.2.2 | <39.0.1 | Cryptography 39.0.1 includes a fix for CVE-2022-3996, a DoS vulnerability affecting OpenSSL. https://github.com/pyca/cryptography/issues/7940 |
cryptography | 2.2.2 | <41.0.5 | Cryptography 41.0.5 updates Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.4, which includes a security fix. |
cryptography | 2.2.2 | <=3.2 | Cryptography 3.2 and prior are vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. |
cryptography | 2.2.2 | <41.0.0 | Cryptography 41.0.0 updates its dependency 'OpenSSL' to v3.1.1 to include a security fix. https://github.com/pyca/cryptography/commit/8708245ccdeaff21d65eea68a4f8d2a7c5949a22 |
cryptography | 2.2.2 | <41.0.4 | Cryptography 41.0.4 updates Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.3, which includes a security fix. https://github.com/pyca/cryptography/commit/fc11bce6930e591ce26a2317b31b9ce2b3e25512 |
apache-airflow | 1.9.0 | >=0,<2.5.1 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow and Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.0.0b1 | Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 | Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 | In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 | In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Pig Provider version 4.0.0 on top of Airflow 2.3.0+ in order to get rid of the vulnerability. |
apache-airflow | 1.9.0 | <1.10.0 | Apache-airflow 1.10.0 fixes an XSS vulnerability in the Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 | The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 | Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they do not have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944, but the fix implemented in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if a traceback is displayed to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Affected versions of Airflow have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables the testing of connections in the UI, API and CLI by default for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context and bypassing the limitations on the access the user has to certain DAGs. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as it is recommended by Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example, when they depended on past runs and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version that masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache Airflow are vulnerable to a Privilege Context Switching Error: the File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is currently the only community provider that has sensitive configuration). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API, not the UI configuration page. |
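Several rows above come down to one insecure default in airflow.cfg: the shared `[webserver] secret_key` (random only since 1.10.14), example DAGs loaded by default, the Experimental API without an auth backend before 1.10.11, and `expose_config`. The audit below is an added example, not part of this report and not Airflow's own code. The option names are Airflow's; the `temporary_key` default value and the `airflow.api.auth.backend.default` backend name are this editor's assumptions about the old defaults, and both sample configs are constructed.

```python
"""Added example (not part of the scanner report, not Airflow code): audit an
airflow.cfg for the insecure defaults described in the rows above, namely a
default or weak [webserver] secret_key, example DAGs left enabled, the
experimental API without an auth backend, and expose_config switched on.
Assumptions: "temporary_key" as the pre-1.10.14 secret_key default and
"airflow.api.auth.backend.default" as the pre-1.10.11 open API backend."""
import configparser
from typing import List

# Assumption: secret_key values that must never reach production.
WEAK_SECRET_KEYS = {"", "temporary_key", "changeme", "secret"}
# Assumption: the experimental-API backend that accepted unauthenticated requests.
OPEN_API_BACKEND = "airflow.api.auth.backend.default"

# Constructed sample configs: one with the weak defaults, one hardened.
WEAK_CFG = """
[core]
load_examples = True

[webserver]
secret_key = temporary_key
expose_config = True

[api]
auth_backend = airflow.api.auth.backend.default
"""

HARDENED_CFG = """
[core]
load_examples = False

[webserver]
secret_key = 5f2c9b0e7d8a4c1b9e3f6a7d2c4b8e1f0a9d3c6b
expose_config = False

[api]
auth_backend = airflow.api.auth.backend.deny_all
"""


def audit_airflow_cfg(cfg_text: str) -> List[str]:
    """Return one finding per weak setting; an empty list means nothing was flagged."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(cfg_text)
    findings: List[str] = []

    secret = cfg.get("webserver", "secret_key", fallback="").strip()
    if secret in WEAK_SECRET_KEYS or len(secret) < 16:
        findings.append("webserver.secret_key is default or short: sessions can be forged, "
                        "and a session from another site using the same key is valid here")

    # Airflow's default is load_examples = True, so a missing key counts as enabled.
    if cfg.getboolean("core", "load_examples", fallback=True):
        findings.append("core.load_examples is enabled: shipped example DAGs have carried "
                        "command injection; set load_examples = False")

    backend = cfg.get("api", "auth_backend", fallback=OPEN_API_BACKEND).strip()
    if backend == OPEN_API_BACKEND:
        findings.append("api.auth_backend leaves /api/experimental/ open to unauthenticated clients")

    expose = cfg.get("webserver", "expose_config", fallback="False").strip().lower()
    if expose in {"true", "non-sensitive-only"}:
        findings.append(f"webserver.expose_config = {expose}: configuration, possibly "
                        "including provider secrets, is readable in the UI")
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_CFG), ("hardened", HARDENED_CFG)):
        print(f"{label}: {audit_airflow_cfg(text) or ['no findings']}")
```

Run it against the real file with `audit_airflow_cfg(open(os.path.join(os.environ["AIRFLOW_HOME"], "airflow.cfg")).read())`; the checks are deliberately conservative (a 16-character floor on the key, and a missing `load_examples` treated as enabled) so that a silent default is reported rather than assumed safe.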
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
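The 2.8.4 row above (write permissions on the log directory's parents) and the 2.3.4 row (a daemon umask leaving world-writable files) are both permission-bit defects on directories Airflow creates for itself. The block below is an added example, not Airflow code: it reproduces what a process with umask 0 leaves behind, shows the hardened form that sets the mode explicitly, and scans a tree for world-writable entries, which is the check worth running over AIRFLOW_HOME after upgrading. All paths are temporary and constructed.

```python
"""Added example (not from Airflow): reproduce the umask problem described
above, show the explicit-mode fix, and scan a tree for world-writable entries.
Paths are temporary and constructed for the demo."""
import os
import stat
import tempfile
from typing import Dict, List


def make_dir_with_umask(path: str, umask: int, mode: int = 0o777) -> int:
    """Create `path` as a process running with `umask` would and return its
    permission bits. With umask 0 the directory comes out 0o777 (world-writable)."""
    old = os.umask(umask)
    try:
        os.makedirs(path, mode=mode, exist_ok=True)
    finally:
        os.umask(old)
    return stat.S_IMODE(os.stat(path).st_mode)


def make_dir_explicit(path: str, mode: int = 0o755) -> int:
    """Hardened form: never trust the inherited umask, set the mode yourself.
    0o755 is the value the 2.8.4 advisory suggests for new log folders."""
    os.makedirs(path, exist_ok=True)
    os.chmod(path, mode)
    return stat.S_IMODE(os.stat(path).st_mode)


def world_writable(root: str) -> List[str]:
    """Directories and files under `root` writable by 'other'; symlinks skipped."""
    hits: List[str] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for p in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            if os.path.islink(p):
                continue
            if os.stat(p).st_mode & stat.S_IWOTH:
                hits.append(p)
    return hits


def demo() -> Dict[str, int]:
    """Build a throwaway AIRFLOW_HOME with one loose and one tight log dir."""
    with tempfile.TemporaryDirectory() as home:
        loose = make_dir_with_umask(os.path.join(home, "logs_daemon"), umask=0)
        tight = make_dir_explicit(os.path.join(home, "logs_fixed"))
        return {"loose": loose, "tight": tight, "world_writable": len(world_writable(home))}


if __name__ == "__main__":
    print({k: (oct(v) if k != "world_writable" else v) for k, v in demo().items()})
```

On a live deployment call `world_writable(os.environ["AIRFLOW_HOME"])`; anything it returns is readable and replaceable by every local account, which is exactly the condition the 2.3.4 row says the webserver can be made to expose.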
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables connection testing in the UI, API and CLI by default for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by an improper certificate validation vulnerability. The default SSL context created with the SSL library did not check the server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
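The LDAP backend row (1.10.1) and the SMTP/IMAP row just above describe the same defect: a TLS context that encrypts the channel but never verifies who is on the other end. The block below is an added example, not code from Airflow or its providers. `permissive_context()` builds a context with the shape of the bug, only to contrast it; `verifying_context()` is the hardened form; `context_is_safe()` is the check to apply to any context a hook hands you. The mail host passed to `open_mail_sessions()` is a placeholder.

```python
"""Added example, not code from Airflow or its providers: a TLS context that
accepts any certificate, beside the verifying context that fixes it, and a
check for contexts received from elsewhere."""
import imaplib
import smtplib
import ssl
from typing import Optional, Tuple


def permissive_context() -> ssl.SSLContext:
    """The bug: encrypted, but any certificate is accepted, so a MITM with a
    self-signed cert reads the credentials. Kept only to show the shape."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before verify_mode can drop
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verifying_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Hardened form: system (or supplied) CA bundle, hostname check, TLS >= 1.2."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_safe(ctx: ssl.SSLContext) -> bool:
    """True only if the peer certificate is validated and matched to the host."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


def open_mail_sessions(host: str) -> Tuple[smtplib.SMTP_SSL, imaplib.IMAP4_SSL]:
    """Both stdlib clients accept a context; pass the verifying one explicitly.
    This makes a network connection, so only run it against a host you control."""
    ctx = verifying_context()
    if not context_is_safe(ctx):
        raise RuntimeError("refusing to send credentials over an unverified channel")
    return (smtplib.SMTP_SSL(host, 465, context=ctx),
            imaplib.IMAP4_SSL(host, 993, ssl_context=ctx))


if __name__ == "__main__":
    print("permissive safe?", context_is_safe(permissive_context()))
    print("verifying  safe?", context_is_safe(verifying_context()))
```

The order of the two assignments in `permissive_context()` is the tell: Python refuses `CERT_NONE` while `check_hostname` is still true, so code that disables verification has to clear the hostname check first, and that pair of lines is what to grep for in a hook or auth backend.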
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows code execution in the webserver context and bypasses the limits on which DAGs the user may access. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
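The Databricks row (API key written to the task log from the connection's "extra" field) and the 2.10.3 row above are the same failure seen from two sides: a secret reaches the log stream before anything strips it. The filter below is an added example, not Airflow's own masker: it redacts registered secret values and any key=value pair whose key looks sensitive, at the point where a record is emitted, so no handler (file, stdout, remote) ever sees the plaintext. The secret value, the key list and the sample messages are constructed for the demo.

```python
"""Added example, not Airflow's own masking: a logging.Filter that redacts
registered secret values and sensitive key=value pairs before any handler
sees the record. Secret values and sample messages are constructed."""
import logging
import re
from typing import Iterable, List

# Assumption: key names treated as sensitive, in the spirit of the rows above.
SENSITIVE_KEYS = ("password", "passwd", "secret", "token", "api_key", "apikey", "access_key")
# key, optional closing quote, separator, optional opening quote, then the value.
_KV_RE = re.compile(
    r"(?i)\b(" + "|".join(SENSITIVE_KEYS) + r")\b(['\"]?\s*[=:]\s*['\"]?)([^\s'\",;}]+)")


class SecretMaskingFilter(logging.Filter):
    def __init__(self, secrets: Iterable[str] = ()):
        super().__init__()
        # Longest first, so a secret that contains another secret is masked whole.
        self._secrets = sorted({s for s in secrets if len(s) >= 4}, key=len, reverse=True)

    def add_secret(self, value: str) -> None:
        """Register a value at runtime, e.g. when a connection is loaded."""
        if value and len(value) >= 4 and value not in self._secrets:
            self._secrets.append(value)
            self._secrets.sort(key=len, reverse=True)

    def redact(self, text: str) -> str:
        for s in self._secrets:
            text = text.replace(s, "***")
        return _KV_RE.sub(lambda m: f"{m.group(1)}{m.group(2)}***", text)

    def filter(self, record: logging.LogRecord) -> bool:
        # Render args into the message now, so the secret is gone before formatting.
        record.msg = self.redact(record.getMessage())
        record.args = ()
        return True


def demo_messages() -> List[str]:
    """Push constructed records through the filter; returns what a handler would emit."""
    f = SecretMaskingFilter(secrets=["dapi0123456789abcdef"])
    out: List[str] = []
    for msg, args in [
        ("connecting to databricks with extra=%s", ("{'token': 'dapi0123456789abcdef'}",)),
        ("created user admin password=hunter2 login ok", ()),
        ("heartbeat from worker-1", ()),
    ]:
        rec = logging.LogRecord("airflow.task", logging.INFO, __file__, 0, msg, args, None)
        f.filter(rec)
        out.append(rec.getMessage())
    return out


if __name__ == "__main__":
    for line in demo_messages():
        print(line)
```

Attach the filter to the handlers (`handler.addFilter(f)`) rather than to a logger: a filter on a logger only runs for records logged through that logger, not for records propagated up from child loggers, and it is the handler that writes the file the 2.10.3 row warns about. Even with masking in place, the row's advice still holds: if a value was ever written unmasked, rotate it.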
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the password of the user has been reset by the admin, up until the expiry of the user's session. Other than manually cleaning the session database (for the database session backend), or changing the secret_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secret key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow Metadata Database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed). |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as it is recommended by Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow (before 2.6.3) allow an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources, specifically updating the connection, to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow (before 2.6.3) allow unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series, and 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515, but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH release of the installed MINOR version, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow (before 2.6.3) have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
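The 1.10.14 switch to a random SECRET_KEY and the cross-site session issue above come down to one fact: a signed session cookie is valid on every webserver that shares the signing key, so two deployments left on the shipped default accept each other's logins. The following Python example is added here and is not Airflow's or Flask's own code; it models a Flask-style signed cookie with a stdlib HMAC (a constructed stand-in for the real cookie format) and shows a cookie minted on site A being accepted on site B while both use the pre-1.10.14 default `temporary_key`, and rejected once each site has its own random key.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Pre-1.10.14 airflow.cfg shipped this literal as [webserver] secret_key.
DEFAULT_SECRET = "temporary_key"


def sign_session(secret: str, payload: dict) -> str:
    """Constructed stand-in for a signed cookie: base64(payload).hex(HMAC-SHA256)."""
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
    sig = hmac.new(secret.encode(), body.encode(), hashlib.sha256).hexdigest()
    return "%s.%s" % (body, sig)


def load_session(secret: str, cookie: str):
    """Return the payload if the signature verifies under this server's secret, else None."""
    try:
        body, sig = cookie.rsplit(".", 1)
    except ValueError:
        return None
    expected = hmac.new(secret.encode(), body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(body.encode()))


def cross_site_replay(secret_a: str, secret_b: str) -> bool:
    """Log in on site A, replay the cookie against site B; True if B accepts it."""
    cookie = sign_session(secret_a, {"user_id": 1, "site": "A"})
    return load_session(secret_b, cookie) is not None


def generate_secret_key() -> str:
    """What 1.10.14 does at config generation time: a per-deployment random key."""
    return secrets.token_urlsafe(32)
```

Rotating the key invalidates every outstanding cookie, which is also the only way to force-logout users on the securecookie session backend (see the session fixation entry further down).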
apache-airflow | 1.9.0 | <2.9.1 |
show Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same issue as CVE-2020-13944, but the earlier fix did not resolve it completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version that masks secrets in task logs (2.10.3 or later), preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error: the File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9.0 |
show Affected Airflow versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API, not the UI configuration page. |
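Several entries in this list are insecure defaults rather than code bugs: the allow-all Experimental API backend, `load_examples`, `enable_xcom_pickling`, the shipped `secret_key`, the 2.7 test-connection switch and `expose_config`. The following Python example is added here and is not part of Airflow; it reads an airflow.cfg and flags those settings. The sample config is constructed to carry every risky value at once. The key names assumed are the 1.10/2.x ones quoted in the advisories (`[api] auth_backend` became `auth_backends` in later 2.x releases, so extend the check for those).

```python
import configparser
from typing import List

# Constructed airflow.cfg fragment with the risky values named in the advisories above.
SAMPLE_CFG = """
[core]
load_examples = True
enable_xcom_pickling = True
test_connection = Enabled

[api]
auth_backend = airflow.api.auth.backend.default

[webserver]
secret_key = temporary_key
expose_config = non-sensitive-only
"""

# Values that the advisories identify as unsafe.
DEFAULT_SECRET_KEY = "temporary_key"                  # pre-1.10.14 shipped default
ALLOW_ALL_API_BACKEND = "airflow.api.auth.backend.default"


def audit_airflow_cfg(text: str) -> List[str]:
    """Return one finding per risky setting; an empty list means nothing was flagged."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)

    def get(section: str, key: str) -> str:
        return cfg.get(section, key, fallback="").strip()

    findings = []
    if get("webserver", "secret_key") in ("", DEFAULT_SECRET_KEY):
        findings.append("webserver.secret_key: shipped default; sessions are forgeable and shared across sites")
    if get("api", "auth_backend") in ("", ALLOW_ALL_API_BACKEND):
        findings.append("api.auth_backend: missing or allow-all; Experimental API accepts unauthenticated calls")
    if get("core", "load_examples").lower() == "true":
        findings.append("core.load_examples: example DAGs with known command injection are loaded")
    if get("core", "enable_xcom_pickling").lower() == "true":
        findings.append("core.enable_xcom_pickling: XCom values are unpickled, instantiating arbitrary objects")
    if get("core", "test_connection").lower() == "enabled":
        findings.append("core.test_connection: connection editors can open outbound connections from the webserver")
    if get("webserver", "expose_config").lower() not in ("", "false"):
        findings.append("webserver.expose_config: configuration (incl. sensitive provider settings before 2.9) is shown in the UI")
    return findings


def audit_file(path: str) -> List[str]:
    """Convenience wrapper for a real deployment: audit_file('/opt/airflow/airflow.cfg')."""
    with open(path, encoding="utf-8") as fh:
        return audit_airflow_cfg(fh.read())
```

Run it against `$AIRFLOW_HOME/airflow.cfg`; environment-variable overrides (`AIRFLOW__CORE__LOAD_EXAMPLES` and friends) take precedence over the file, so check those as well before trusting an empty result.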
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
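The umask issue above and the 2.8.4 log-directory permission entry earlier share the same arithmetic: the mode a new file gets is the requested mode with the umask bits cleared, so a daemon started with umask 0 turns every `open()` into a world-writable file. The following Python example is added here and is not Airflow's code; it computes the effective mode, creates a log file under a chosen umask in a throwaway directory, and scans for world-writable entries. The file name and the `AIRFLOW_HOME` scan in the usage note are illustrative.

```python
import os
import stat
import tempfile
from pathlib import Path


def effective_mode(requested: int, umask: int) -> int:
    """Permission bits a new file or directory receives: requested mode minus the umask bits."""
    return requested & ~umask & 0o777


def world_writable(paths):
    """Return the subset of paths any local user can write to (symlinks are skipped;
    their targets are judged on their own when the scan reaches them)."""
    hits = []
    for p in paths:
        st = os.lstat(p)
        if stat.S_ISLNK(st.st_mode):
            continue
        if st.st_mode & stat.S_IWOTH:
            hits.append(str(p))
    return hits


def create_log_under_umask(umask_value: int) -> list:
    """Create a log file the way a daemonised component running with `umask_value` would,
    then scan it. Returns the world-writable findings (empty when the umask is sane)."""
    previous = os.umask(umask_value)           # umask is process-wide; restore it afterwards
    try:
        with tempfile.TemporaryDirectory() as tmp:
            log = Path(tmp) / "scheduler.log"  # constructed file name
            fd = os.open(log, os.O_CREAT | os.O_WRONLY, 0o666)  # open() asks for 0o666
            os.close(fd)
            return world_writable([log])
    finally:
        os.umask(previous)
```

For a real check, run `world_writable(Path(os.environ["AIRFLOW_HOME"]).rglob("*"))` on the host; `effective_mode(0o777, 0o022)` is the `0o755` the 2.8.4 advisory recommends for `file_task_handler_new_folder_permissions`.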
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables default allowing the testing of connections in UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
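The broker deserialization entry above and the earlier 2.7.0 note on the `xcomEntries` deserialize flag (and `enable_xcom_pickling`) are the same class of bug: whoever controls a pickled blob controls which callable runs when it is loaded. The following Python example is added here and is not Airflow's or Celery's code; it shows a generic `__reduce__` payload whose callable is a harmless recorder, the JSON alternative that cannot run code, and a restricted unpickler that refuses every global if pickle cannot be removed outright.

```python
import io
import json
import pickle

# Side-effect log, so the demonstration is observable but harmless.
SIDE_EFFECTS = []


def record(tag):
    SIDE_EFFECTS.append(tag)
    return tag


class Poisoned:
    """An object whose pickled form runs a callable when loaded. The callable here is
    the harmless `record`; a real payload would name os.system or similar."""
    def __reduce__(self):
        return (record, ("payload ran during unpickling",))


def unsafe_deserialize(blob: bytes):
    # What enable_xcom_pickling=True, the deserialize flag, or a pickle-accepting
    # broker consumer amounts to: the sender chooses the code that runs here.
    return pickle.loads(blob)


def json_deserialize(blob: bytes):
    # JSON yields only dicts, lists, strings, numbers, booleans and None; no constructor runs.
    return json.loads(blob.decode("utf-8"))


class RefusingUnpickler(pickle.Unpickler):
    """Refuse to resolve any global, so a __reduce__ payload cannot name a callable."""
    def find_class(self, module, name):
        raise pickle.UnpicklingError("refusing to import %s.%s during unpickling" % (module, name))


def hardened_deserialize(blob: bytes):
    return RefusingUnpickler(io.BytesIO(blob)).load()


def demo_unsafe() -> int:
    """How many times the payload ran when the poisoned blob hit pickle.loads."""
    SIDE_EFFECTS.clear()
    unsafe_deserialize(pickle.dumps(Poisoned()))
    return len(SIDE_EFFECTS)


def demo_json() -> bool:
    """True if the JSON path rejects the poisoned blob without running anything."""
    SIDE_EFFECTS.clear()
    try:
        json_deserialize(pickle.dumps(Poisoned()))
        return False
    except (UnicodeDecodeError, ValueError):
        return not SIDE_EFFECTS


def demo_hardened() -> bool:
    """True if the restricted loader rejects the poisoned blob but still loads plain data."""
    SIDE_EFFECTS.clear()
    try:
        hardened_deserialize(pickle.dumps(Poisoned()))
        return False
    except pickle.UnpicklingError:
        pass
    plain = hardened_deserialize(pickle.dumps({"task": "t1", "rows": [1, 2, 3]}))
    return plain == {"task": "t1", "rows": [1, 2, 3]} and not SIDE_EFFECTS
```

For Celery the equivalent hardening is `accept_content = ['json']` with `task_serializer = 'json'`, plus broker authentication and network isolation, because the worker is the loader in that topology.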
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by an Improper Certificate Validation vulnerability. The default SSL context created with the ssl library did not check the server's X.509 certificate; instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
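This entry and the 1.10.1 LDAP backend entry earlier have the same root cause: a TLS client context that never verifies the peer. In Python's `ssl` module a bare `SSLContext` starts with `verify_mode = CERT_NONE` and `check_hostname = False`, whereas `ssl.create_default_context()` verifies both. The following Python example is added here and is not the providers' code; it builds the weak and the strict context side by side and provides the one-line check a reviewer applies to any context handed to a mail or LDAP client. The host name in the usage comment is illustrative.

```python
import ssl
import warnings


def weak_context() -> ssl.SSLContext:
    """A bare SSLContext, as the affected code used: no CA check, no hostname check."""
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)   # PROTOCOL_TLS is deprecated
        return ssl.SSLContext(ssl.PROTOCOL_TLS)


def strict_context(cafile=None) -> ssl.SSLContext:
    """Client context that verifies the chain against the system CAs (or `cafile`)
    and the hostname, and refuses anything older than TLS 1.2."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def verifies_peer(ctx: ssl.SSLContext) -> bool:
    """The review check: both peer verification and hostname matching must be on."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


# Usage (not executed here): both stdlib mail clients accept an explicit context.
#   smtplib.SMTP_SSL("mail.example", 465, context=strict_context())
#   imaplib.IMAP4_SSL("mail.example", ssl_context=strict_context())
```

If a deployment really needs a private CA, pass it through `cafile` rather than lowering `verify_mode`; the `weak_context()` shape is what to grep for in hooks and auth backends.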
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges / Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place: it allows executing code in the webserver context and bypassing the limits on which DAGs the user may access. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
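The `/login` and `/confirm` open redirects above and the repeated `origin`-parameter XSS entries (1.10.12, 1.10.13, 1.10.15/2.0.2, 2.2.4, 2.4.2) are one input-validation problem: a caller-supplied "where to go back to" value is either redirected to or rendered into a link. The following Python example is added here and is not Airflow's code; it accepts only same-site absolute paths, rejecting schemes (`javascript:`, `http:`), protocol-relative hosts (`//`, `///`), backslashes and control characters, and shows that output escaping is still required after validation. The fallback target `/home` is an assumption, not an Airflow route.

```python
import html
from urllib.parse import urlsplit, urlunsplit

DEFAULT_TARGET = "/home"   # assumed landing page; not an Airflow route name


def safe_origin(origin, default=DEFAULT_TARGET) -> str:
    """Return `origin` only if it is an absolute path on this site; otherwise `default`."""
    if not origin:
        return default
    origin = origin.strip()
    # Tabs, newlines and other control bytes let "java\tscript:" past naive prefix checks.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in origin):
        return default
    # Browsers treat backslashes as slashes, so "/\evil.example" becomes "//evil.example".
    if "\\" in origin:
        return default
    # "//host" and "///host" both resolve to another host in browsers.
    if origin.startswith("//"):
        return default
    try:
        parts = urlsplit(origin)
    except ValueError:
        return default
    # Any scheme (http:, javascript:, data:) or netloc means leaving this site.
    if parts.scheme or parts.netloc:
        return default
    if not parts.path.startswith("/"):
        return default
    # Rebuild from the parsed pieces and drop the fragment.
    return urlunsplit(("", "", parts.path, parts.query, ""))


def render_back_link(origin) -> str:
    """Validation picks the target; escaping on output keeps the query string from
    breaking out of the attribute. Both steps are needed."""
    target = safe_origin(origin)
    return '<a href="%s">Back</a>' % html.escape(target, quote=True)
```

In a Flask view the same function wraps the value before `redirect()`; with Jinja autoescaping on, the `|safe` filter on such a value is the thing to remove.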
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the password of the user has been reset by the admin, up until the expiry of the user's session. Other than manually cleaning the session database (for the database session backend), or changing `[webserver] secret_key` and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secret key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and versions 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515, but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH release of the installed MINOR version, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please check whether you have copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they depended on past runs and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache Airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leads to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Affected versions of Airflow have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables, by default, the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows code to be executed in the webserver context and bypasses the limitations on which DAGs the user may access. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the password of the user has been reset by the admin, up until the expiry of the session of the user. Other than manually cleaning the session database (for the database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users along with them). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they depended on past runs and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leads to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Affected versions of Airflow have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288, which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables by default the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows code execution in the webserver context and bypasses the access limitations the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | >=1.8,<39.0.1 |
show Cryptography 39.0.1 includes a fix for CVE-2023-23931: In affected versions 'Cipher.update_into' would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as 'bytes') to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This issue has been present since 'update_into' was originally introduced in cryptography 1.8. |
cryptography | 2.2.2 | <3.3.2 |
show Cryptography 3.3.2 includes a fix for CVE-2020-36242: certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. |
cryptography | 2.2.2 | <42.0.8 |
show The `cryptography` library has updated its BoringSSL and OpenSSL dependencies in CI due to a security concern. Specifically, the issue involves the functions `EVP_PKEY_param_check()` and `EVP_PKEY_public_check()`, which are used to check DSA public keys or parameters. These functions can experience significant delays when processing excessively long DSA keys or parameters, potentially leading to a Denial of Service (DoS) if the input is from an untrusted source. The vulnerability arises because the key and parameter check functions do not limit the modulus size during checks, despite OpenSSL not allowing public keys with a modulus over 10,000 bits for signature verification. This issue affects applications that directly call these functions and the OpenSSL `pkey` and `pkeyparam` command-line applications with the `-check` option. The OpenSSL SSL/TLS implementation is not impacted, but the OpenSSL 3.0 and 3.1 FIPS providers are affected by this vulnerability. |
cryptography | 2.2.2 | <42.0.0 |
show Cryptography starting from version 42.0.0 updates its CI configurations to use newer versions of BoringSSL or OpenSSL as a countermeasure to CVE-2023-5678. This vulnerability, affecting the package, could cause Denial of Service through specific DH key generation and verification functions when given overly long parameters. |
cryptography | 2.2.2 | >=0.8,<41.0.3 |
show Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for a Denial of Service vulnerability. https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2 https://www.openssl.org/news/secadv/20230719.txt |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <3.3 |
show Cryptography 3.3 no longer allows loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing. https://github.com/pyca/cryptography/pull/5592 |
cryptography | 2.2.2 | >=0.8,<41.0.3 |
show Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for a Denial of Service vulnerability. https://github.com/pyca/cryptography/commit/b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d https://www.openssl.org/news/secadv/20230731.txt |
cryptography | 2.2.2 | <42.0.5 |
show Cryptography version 42.0.5 introduces a limit on the number of name constraint checks during X.509 path validation to prevent denial of service attacks. https://github.com/pyca/cryptography/commit/4be53bf20cc90cbac01f5f94c5d1aecc5289ba1f |
cryptography | 2.2.2 | <42.0.0 |
show Affected versions of Cryptography may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <41.0.2 |
show The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options. |
cryptography | 2.2.2 | >=1.9.0,<2.3 |
show A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. See: CVE-2018-10903. |
cryptography | 2.2.2 | <42.0.2 |
show The cryptography library has updated its OpenSSL dependency in CI due to security concerns. This vulnerability arises when processing maliciously formatted PKCS12 files, which can cause OpenSSL to crash, leading to a potential Denial of Service (DoS) attack. PKCS12 files, often containing certificates and keys, may come from untrusted sources. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly handle these cases, resulting in a NULL pointer dereference and subsequent crash. Applications using OpenSSL APIs, such as PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes(), and PKCS12_newpass(), are vulnerable if they process PKCS12 files from untrusted sources. Although a similar issue in SMIME_write_PKCS7() was fixed, it is not considered significant for security as it pertains to data writing. This issue does not affect the FIPS modules in versions 3.2, 3.1, and 3.0. |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | >=0.8,<41.0.3 |
show Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for CVE-2023-2975: AES-SIV implementation ignores empty associated data entries. https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2 https://www.openssl.org/news/secadv/20230714.txt |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 includes a fix for CVE-2022-3996, a DoS vulnerability affecting OpenSSL. https://github.com/pyca/cryptography/issues/7940 |
cryptography | 2.2.2 | <41.0.5 |
show Cryptography 41.0.5 updates Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.4, which includes a security fix. |
cryptography | 2.2.2 | <=3.2 |
show Cryptography 3.2 and prior are vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <41.0.0 |
show Cryptography 41.0.0 updates its dependency 'OpenSSL' to v3.1.1 to include a security fix. https://github.com/pyca/cryptography/commit/8708245ccdeaff21d65eea68a4f8d2a7c5949a22 |
cryptography | 2.2.2 | <41.0.4 |
show Cryptography 41.0.4 updates Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.3, which includes a security fix. https://github.com/pyca/cryptography/commit/fc11bce6930e591ce26a2317b31b9ce2b3e25512 |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as it is recommended by Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions are affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions are affected by a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series, and 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515, but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH release of the installed MINOR version, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please check whether you have copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example, when they depended on past runs and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944, but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version that masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leads to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has read access to specific DAGs only to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Affected Airflow versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "webserver.expose_config" is set to "non-sensitive-only" (the celery provider is currently the only community provider that has sensitive configuration). You should migrate to Airflow 2.9 or, as a workaround, set "expose_config" to False. This is similar to, but different from, CVE-2023-46288, which concerned the API rather than the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables, by default, the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by an improper validation of OpenSSL certificates vulnerability. The default SSL context used with the SSL library did not check the server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows code to execute in the webserver context and lets the user bypass the limits on their access to certain DAGs. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the Apache Airflow Spark Provider allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow version prior to 2.3.0 if the Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Spark Provider version 4.0.0 to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the user's password has been reset by the admin, up until the expiry of the user's session. Other than manually cleaning the session database (for the database session backend), or changing the `[webserver] secret_key` and restarting the webserver, there was no mechanism to force-logout the user (and, with that, all other users). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the user's password is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secret key and restarting the webserver (which logs out all other users), but the user resetting the password is informed about this with a flash message warning displayed in the UI. Documentation is also updated to explain this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password was logged in plain text in the Log table of the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the Apache Airflow Hive Provider allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow version prior to 2.3.0 if the Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Hive Provider version 4.1.0 to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as it is recommended by Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources, specifically updating the connection, to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the Apache Airflow Pig Provider allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow version prior to 2.3.0 if the Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Pig Provider version 4.0.0 on top of Airflow 2.3.0+ to get rid of the vulnerability. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and versions 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515, but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH release of the installed MINOR version, for example update to Python 3.6.13 if you are on Python 3.6 (those releases contain the fix for CVE-2021-23336, https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please check that you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944, but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version that masks secrets in task logs (2.10.3 or newer), preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is displayed to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
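Several rows above describe insecure defaults that an upgrade alone does not repair: the unauthenticated Experimental API backend, example DAGs loaded by default, `expose_config`, connection testing, XCom pickling, the shared default `secret_key`, stack traces shown to unauthenticated users, and world-writable log directories or files left in the Airflow home by the daemon umask and log-handler bugs. The script below is an added example, not Airflow's own code and not part of this scan report: it audits an `airflow.cfg` body and an Airflow home directory for those settings. The option names are Airflow's documented config keys (1.10-era `[api] auth_backend` included), but the mapping from each key to the advisories above is this example's own, the two sample configs and the sample directory tree are constructed for the demo, and `audit_config`, `find_world_writable` and `build_sample_tree` are names chosen here.

```python
"""Audit an Airflow deployment for the weak settings and file modes named above.
Added example; not Airflow's code. Sample configs and tree are constructed."""
import configparser
import os
import stat
import tempfile
from typing import Callable, List, Optional, Tuple

# Constructed sample resembling the 1.10-era defaults the advisories describe.
WEAK_CFG = """
[core]
load_examples = True
enable_xcom_pickling = True

[api]
auth_backend = airflow.api.auth.backend.default

[webserver]
secret_key = temporary_key
expose_config = True
expose_stacktrace = True

[logging]
file_task_handler_new_folder_permissions = 0o777
"""

# Constructed hardened counterpart of the same options.
HARDENED_CFG = """
[core]
load_examples = False
enable_xcom_pickling = False
test_connection = Disabled

[api]
auth_backend = airflow.api.auth.backend.deny_all

[webserver]
secret_key = replace-with-openssl-rand-hex-32-output
expose_config = False
expose_stacktrace = False

[logging]
file_task_handler_new_folder_permissions = 0o755
"""


def _true(v: str) -> bool:
    return v.strip().lower() in ("1", "true", "t", "yes", "y", "on")


def _group_or_world_writable(mode_text: str) -> bool:
    try:
        return int(mode_text, 8) & 0o022 != 0  # accepts "0o755" and "0755"
    except ValueError:
        return True  # unparseable: flag it for review


# (section, option, is_weak(value or None when unset), finding text).
# Option names are Airflow's documented keys; the mapping to the advisories is ours.
CHECKS: List[Tuple[str, str, Callable[[Optional[str]], bool], str]] = [
    ("api", "auth_backend", lambda v: v is not None and v.strip().endswith(".default"),
     "experimental API accepts unauthenticated requests; use deny_all or a real backend"),
    ("core", "load_examples", lambda v: v is None or _true(v),
     "example DAGs are loaded (several carried command injection); set False"),
    ("webserver", "expose_config", lambda v: v is not None and v.strip().lower() != "false",
     "configuration page can reveal provider secrets; set False"),
    ("webserver", "secret_key", lambda v: v is None or v.strip() in ("", "temporary_key"),
     "default Flask secret lets a session from one site be replayed on another; set a random value"),
    ("core", "enable_xcom_pickling", lambda v: v is not None and _true(v),
     "pickled XCom values are deserialized on the worker; set False"),
    ("webserver", "expose_stacktrace", lambda v: v is not None and _true(v),
     "tracebacks reveal Python/Airflow version and node name; set False"),
    ("logging", "file_task_handler_new_folder_permissions",
     lambda v: v is not None and _group_or_world_writable(v),
     "log directories are created group/world-writable; use 0o755"),
    ("core", "test_connection", lambda v: v is not None and v.strip().lower() != "disabled",
     "connection testing from UI/API/CLI is enabled; set Disabled"),
]


def audit_config(cfg_text: str) -> List[str]:
    """Return one finding line per weak option in an airflow.cfg body."""
    cp = configparser.ConfigParser(interpolation=None)  # airflow.cfg uses '%' in log formats
    cp.read_string(cfg_text)
    findings = []
    for section, option, is_weak, finding in CHECKS:
        value = cp.get(section, option, fallback=None)
        if is_weak(value):
            shown = "<unset>" if value is None else value
            findings.append(f"[{section}] {option} = {shown}: {finding}")
    return findings


def find_world_writable(root: str) -> List[str]:
    """Sorted relative paths under root (symlinks skipped) with the other-write bit set."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISLNK(st.st_mode) and st.st_mode & stat.S_IWOTH:
                hits.append(os.path.relpath(full, root))
    return sorted(hits)


def build_sample_tree() -> str:
    """Constructed AIRFLOW_HOME look-alike with a world-writable log dir and log file."""
    root = tempfile.mkdtemp(prefix="airflow_home_")
    os.mkdir(os.path.join(root, "logs"))
    for rel, mode in (("airflow.cfg", 0o644), ("logs/task.log", 0o666)):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("sample\n")
        os.chmod(os.path.join(root, rel), mode)
    os.chmod(os.path.join(root, "logs"), 0o777)
    return root


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CFG), ("hardened", HARDENED_CFG)):
        print(f"{label}: {len(audit_config(cfg))} finding(s)")
        for line in audit_config(cfg):
            print("  ", line)
    print("world-writable:", find_world_writable(build_sample_tree()))
```

Run it against a real deployment by reading `$AIRFLOW_HOME/airflow.cfg` into `audit_config` and pointing `find_world_writable` at `$AIRFLOW_HOME`; remember that environment variables of the form `AIRFLOW__SECTION__OPTION` override the file and are not seen by this parser, and that a clean config does not substitute for the upgrades the rows above call for.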
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
Affected versions of Apache Airflow allow authenticated Ops and Viewer users to view all information on audit logs, including DAG names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default; they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
Affected Airflow versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache-airflow 2.7.0 disables, by default, the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context and bypassing the limitations on the access the user has to certain DAGs. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in the 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the password of the user has been reset by the admin, up until the expiry of the session of the user. Other than manually cleaning the session database (for the database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
Apache-airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 |
In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
Apache-airflow 1.10.0 fixes an XSS vulnerability in the Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and affects 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please review whether you have copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944, but the fix implemented in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Airflow versions affected versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 which concerned API, not UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables default allowing the testing of connections in UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Spark Provider installed). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed). |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as it is recommended by Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions are affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiates arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions are affected by a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if traceback is shown to unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected version of Apache-airflow are vulnerable to Privilege Context Switching Error. File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Airflow versions affected versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 which concerned API, not UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache-airflow 2.7.0 disables, by default, the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows code execution in the webserver context and allows the user to bypass the limitations on which DAGs they may access. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
Affected versions of Apache Airflow contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in the 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
Affected versions of Apache Airflow have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and the logs are not protected, it is recommended to rotate those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes. This could let them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the user's password has been reset by the admin, up until the expiry of the user's session. Other than manually cleaning the session database (for the database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the user's password is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated to explain this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow Metadata Database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
A vulnerability in the Example DAGs of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
Apache Airflow, versions before 2.8.1, has a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of the "enable_xcom_pickling=False" configuration setting, resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/DAG in the UI to craft a URL which could lead to unmasking the secret configuration of the task that would otherwise be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
Apache-airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 |
In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
Affected versions of Apache Airflow are affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Pig Provider version 4.0.0 on top of Airflow 2.3.0+ in order to get rid of the vulnerability. |
apache-airflow | 1.9.0 | <1.10.0 |
Apache-airflow 1.10.0 fixes an XSS vulnerability in the Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
Apache Airflow, versions before 2.8.1, has a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
Affected versions of Apache Airflow are affected by a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and affects 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515, but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH release of the installed MINOR version, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please review whether you have copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they depended on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server listening on a specific port, which also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. This also presented a Local File Disclosure vulnerability for any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with the default config allows a malicious airflow user on site A, where they log in normally, to gain unauthorized access to the Airflow Webserver on site B through the session from site A. This does not affect users who have changed the default value for the `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if traceback is shown to unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected version of Apache-airflow are vulnerable to Privilege Context Switching Error. File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Airflow versions affected versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 which concerned API, not UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
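The two permission advisories in this table (the file task handler making every parent of the log directory writable, and the permissive umask under '--daemon' leaving world-writable files) come down to one check: nothing under the log root may carry the other-write bit, and directory modes must be set explicitly rather than inherited from whatever umask the daemon started with. The following is an added example, not Airflow's code; the helper names, the sample tree and the 0o755 default (taken from the first advisory's suggested mitigation) are assumptions.

```python
"""Audit a log tree for world-writable entries; create log dirs with explicit modes.

Added example for the Airflow permission advisories; not Airflow's code.
Helper names, the sample tree and the 0o755 default are assumptions.
"""
import os
import stat
import tempfile


def make_log_dir(base: str, rel: str, parent_mode: int = 0o755, leaf_mode: int = 0o755) -> str:
    """Create base/rel one component at a time, chmod-ing each new component.

    mkdir's mode argument is masked by the process umask; an explicit chmod
    after creation is not, so the result is what we asked for regardless of
    the umask the daemon happened to inherit. Existing directories are left alone.
    """
    path = base
    parts = [p for p in rel.split(os.sep) if p]
    for i, part in enumerate(parts):
        path = os.path.join(path, part)
        if not os.path.isdir(path):
            os.mkdir(path)
            os.chmod(path, leaf_mode if i == len(parts) - 1 else parent_mode)
    return path


def world_writable_entries(root: str) -> list:
    """Every directory or regular file under root (inclusive) whose other-write
    bit is set, as paths relative to root. Symlinks are skipped: their own
    mode bits carry no meaning."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for p in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            mode = os.lstat(p).st_mode
            if stat.S_ISLNK(mode):
                continue
            if mode & stat.S_IWOTH:
                findings.append(os.path.relpath(p, root))
    return sorted(findings)


def demo() -> dict:
    """Constructed scenario: a restrictive umask (as in the advisory), one tree
    built with make_log_dir, and one tree with the buggy behaviour (parents
    chmod 0o777, a log file left 0o666)."""
    base = tempfile.mkdtemp()
    old_umask = os.umask(0o077)
    try:
        leaf = make_log_dir(base, "dag_id/run_id/task_id")
        buggy = os.path.join(base, "buggy")
        os.makedirs(os.path.join(buggy, "dag_id", "run_id"))
        for d in (buggy, os.path.join(buggy, "dag_id")):
            os.chmod(d, 0o777)          # what the vulnerable handler did to parents
        log = os.path.join(buggy, "dag_id", "run_id", "attempt=1.log")
        open(log, "w").close()
        os.chmod(log, 0o666)            # what a permissive umask leaves behind
    finally:
        os.umask(old_umask)
    return {
        "leaf_mode": stat.S_IMODE(os.stat(leaf).st_mode),
        "parent_mode": stat.S_IMODE(os.stat(os.path.join(base, "dag_id")).st_mode),
        "good_findings": world_writable_entries(os.path.join(base, "dag_id")),
        "buggy_findings": world_writable_entries(buggy),
    }


if __name__ == "__main__":
    print(demo())
```

Run the audit against the real log root (and, for the '--daemon' case, the Airflow home directory) as part of a deployment check; any non-empty result is a finding whether the deployment is containerized or not.

Package | Installed | Affected | Info |
---|---|---|---|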
apache-airflow | 1.9.0 | >=0,<2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 | Apache Airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow 2.7.0 disables, by default, the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the worker. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache Airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration and is therefore affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to access files outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low severity since it requires an authenticated user to exploit. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by an improper validation of OpenSSL certificates vulnerability. The default SSL context did not check the server's X.509 certificate; instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow 2.7.0 or newer, Apache Airflow IMAP Provider 3.3.0 or newer, and Apache Airflow SMTP Provider 1.3.0 or newer. |
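For the SMTP/IMAP certificate-validation advisory above, the practical check is to audit the SSLContext before it reaches smtplib or imaplib. The following is an added example, not the providers' code: permissive_context reproduces the described failure mode (any server certificate accepted), mail_context is a verifying context of the kind the fixed providers use, and audit_context is the check; all three names are assumptions.

```python
"""Audit a client SSLContext before handing it to smtplib/imaplib.

Added example for the SMTP/IMAP certificate-validation advisory; not the
providers' code. Function names are assumptions.
"""
import ssl


def permissive_context() -> ssl.SSLContext:
    """The failure mode: a context that authenticates nothing. Any certificate,
    for any name, presented by anyone on the path, is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def mail_context(cafile: str = None) -> ssl.SSLContext:
    """A verifying context: chain validated against the system store (or the
    given CA bundle), hostname checked, TLS < 1.2 refused. Pass it as
    smtplib.SMTP_SSL(host, context=ctx) or imaplib.IMAP4_SSL(host, ssl_context=ctx)."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the problems found; an empty list means the context authenticates
    the server it connects to."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("verify_mode is not CERT_REQUIRED: any certificate is accepted")
    if not ctx.check_hostname:
        problems.append("check_hostname is off: a valid certificate for another host is accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        problems.append("minimum_version allows TLS older than 1.2")
    return problems


if __name__ == "__main__":
    print("permissive:", audit_context(permissive_context()))
    print("mail:", audit_context(mail_context()))
```

The order in permissive_context matters for reproducing the bug faithfully: check_hostname has to be switched off before verify_mode can be lowered to CERT_NONE, so code that ends up with both disabled did it deliberately, step by step. Running audit_context on every context a hook builds is a cheap unit test that would have caught this class of defect.

Package | Installed | Affected | Info |
---|---|---|---|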
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. The user can access connection information and abuse the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server; malicious actors can also leverage it to establish harmful connections from the server. Users are strongly advised to upgrade to version 2.7.0 or newer. Administrators are also encouraged to review and adjust user permissions to restrict access to sensitive functionality, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache Airflow before 2.0.0b1 bundles the code for the Docker provider integration and is therefore affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache Airflow 2.3.2 and prior versions ship with a vulnerable dependency (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 | Execution with Unnecessary Privileges / Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow before 2.6.0. The "Run Task" feature enabled an authenticated user to bypass some of the restrictions put in place: it allowed code execution in the webserver context and bypassed the limits on which DAGs the user could access. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the Apache Airflow Spark Provider allows an attacker to read arbitrary files in the task execution context without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow version prior to 2.3.0 if the Spark Provider is installed (Spark Provider 4.0.0 can only be installed on Airflow 2.3.0+). Note that on Airflow 2.3.0+ with an older Spark Provider installed you still need to manually install Spark Provider 4.0.0 to get rid of the vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.5 | Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. The operator encouraged users to put their API key into a connection's "extra" field, which the Databricks hook subsequently logged, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 | In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 | Affected versions of Apache Airflow contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before local settings were imported, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence so that DAGS_FOLDER is added to sys.path only after local settings are imported, mitigating the risk of unintended code execution during startup. Users are strongly advised to update to a version incorporating this fix, especially where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 | Apache Airflow 2.1.1 updates its NPM dependencies to fix a vulnerability in the 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 | Apache Airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 | Affected versions of Apache Airflow have a vulnerability that can expose sensitive configuration variables in task logs. DAG authors could unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromise Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and the logs are not protected, it is recommended to rotate those secrets. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated, DAG-view authorized users to modify some DAG run detail values (such as configuration parameters or the start date) when submitting notes. Users should upgrade to version 2.7.1 or later, which removes the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache Airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration and is therefore affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 | A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after an admin has reset the user's password, up until the user's session expires. Other than manually cleaning the session database (for the database session backend), or changing the `[webserver] secret_key` and restarting the webserver (which logs out all other users too), there was no mechanism to force-logout the user. With this fix, when using the database session backend, the user's existing sessions are invalidated when their password is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secret key and restarting the webserver (logging out all other users), but the admin resetting the password is informed of this by a flash message warning in the UI. The documentation is also updated to explain this behavior. |
apache-airflow | 1.9.0 | <2.7.2 | Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that gives them write access to various DAG resources for DAGs they had no access to, enabling them to clear DAGs they should not be able to. Users are strongly advised to upgrade to version 2.7.2 or newer. |
apache-airflow | 1.9.0 | >=0,<1.10.13 | In Airflow versions prior to 1.10.13, when creating a user with the airflow CLI, the password was logged in plain text in the Log table of the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 | A vulnerability in the example DAGs of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the Celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache Airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration and is therefore affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache Airflow 2.3.2 and prior versions ship with a vulnerable dependency (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that gives them write access to various DAG resources for DAGs they had no access to, enabling them to clear DAGs they should not be able to. This is a missing part of the fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users are strongly advised to upgrade to version 2.8.0 or newer. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, has a vulnerability that allows a potential attacker to poison XCom data by bypassing the protection of the "enable_xcom_pickling=False" configuration setting, resulting in poisoned data after XCom deserialization. This vulnerability is considered low severity since it requires a DAG author to exploit. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who can see a task/DAG in the UI to craft a URL that unmasks the task's secret configuration, which would otherwise be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the Apache Airflow Hive Provider allows an attacker to execute arbitrary commands in the task execution context without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow version prior to 2.3.0 if the Hive Provider is installed (Hive Provider 4.1.0 can only be installed on Airflow 2.3.0+). Note that on Airflow 2.3.0+ with an older Hive Provider installed you still need to manually install Hive Provider 4.1.0 to get rid of the vulnerability. |
apache-airflow | 1.9.0 | <2.7.2 | A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all DAGs, including those they are not permitted to see. The exposure includes DAG IDs and stack traces from import errors, and affects versions of Apache Airflow before 2.7.2. |
Package | Installed | Affected | Info |
---|---|---|---|
cryptography | 2.2.2 | <39.0.1 | Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | >=1.8,<39.0.1 | Cryptography 39.0.1 includes a fix for CVE-2023-23931: in affected versions, 'Cipher.update_into' would accept Python objects which implement the buffer protocol but provide only immutable buffers. This allowed immutable objects (such as 'bytes') to be mutated, violating fundamental rules of Python and resulting in corrupted output. The issue has been present since 'update_into' was introduced in cryptography 1.8. |
cryptography | 2.2.2 | <3.3.2 | Cryptography 3.3.2 includes a fix for CVE-2020-36242: certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. |
cryptography | 2.2.2 | <42.0.8 | The `cryptography` library has updated its BoringSSL and OpenSSL dependencies in CI due to a security concern in the functions `EVP_PKEY_param_check()` and `EVP_PKEY_public_check()`, which check DSA public keys or parameters. These functions can take a very long time when processing excessively long DSA keys or parameters, potentially leading to a denial of service (DoS) if the input comes from an untrusted source. The vulnerability arises because the key and parameter check functions do not limit the modulus size during checks, even though OpenSSL does not allow public keys with a modulus over 10,000 bits for signature verification. This affects applications that call these functions directly and the OpenSSL `pkey` and `pkeyparam` command-line applications with the `-check` option. The OpenSSL SSL/TLS implementation is not impacted, but the OpenSSL 3.0 and 3.1 FIPS providers are affected. |
cryptography | 2.2.2 | <42.0.0 | Cryptography starting from version 42.0.0 updates its CI configuration to use newer versions of BoringSSL or OpenSSL as a countermeasure to CVE-2023-5678. This vulnerability could cause a denial of service through specific DH key generation and verification functions when given overly long parameters. |
cryptography | 2.2.2 | >=0.8,<41.0.3 | Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for a denial of service vulnerability. https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2 https://www.openssl.org/news/secadv/20230719.txt |
cryptography | 2.2.2 | <39.0.1 | Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <3.3 | Cryptography 3.3 no longer allows loading finite-field Diffie-Hellman parameters of less than 512 bits in length. This change conforms with an upcoming OpenSSL release that no longer supports smaller sizes. Such keys were already wildly insecure and should not have been used in any application outside of testing. https://github.com/pyca/cryptography/pull/5592 |
cryptography | 2.2.2 | >=0.8,<41.0.3 | Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for a denial of service vulnerability. https://github.com/pyca/cryptography/commit/b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d https://www.openssl.org/news/secadv/20230731.txt |
cryptography | 2.2.2 | <42.0.5 | Cryptography 42.0.5 introduces a limit on the number of name constraint checks during X.509 path validation to prevent denial of service attacks. https://github.com/pyca/cryptography/commit/4be53bf20cc90cbac01f5f94c5d1aecc5289ba1f |
cryptography | 2.2.2 | <42.0.0 | Affected versions of cryptography may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. |
cryptography | 2.2.2 | <39.0.1 | Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <39.0.1 | Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <39.0.1 | Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <41.0.2 | The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options. |
cryptography | 2.2.2 | >=1.9.0,<2.3 | A flaw was found in python-cryptography versions >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length before passing it to finalize_with_tag, an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. See CVE-2018-10903. |
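The finalize_with_tag advisory above is worth seeing concretely: a verifier that trusts the caller's tag length turns a 1-in-256 guess into a guaranteed forgery for anyone who can submit ciphertexts to it. The following is an added example, not the cryptography library's code: HMAC-SHA256 stands in for the GCM tag so it runs on the standard library alone, and KEY, MSG and the function names are assumptions.

```python
"""A 1-byte tag is a 1-in-256 guess per try; a verify oracle makes it a certainty.

Added example for the finalize_with_tag advisory; not the cryptography
library's code. HMAC-SHA256 stands in for the GCM tag. KEY, MSG and all
function names are assumptions.
"""
import hashlib
import hmac
import secrets

KEY = secrets.token_bytes(32)                      # constructed: victim's key, never seen by the attacker
MSG = b'{"dag_id":"etl","state":"success"}'       # constructed sample message


def tag_for(key: bytes, msg: bytes, tag_len: int = 16) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()[:tag_len]


def verify_weak(key: bytes, msg: bytes, tag: bytes) -> bool:
    """The bug: the tag length is whatever the attacker supplied, so only
    len(tag) bytes are ever compared."""
    return hmac.compare_digest(tag_for(key, msg, len(tag)), tag)


def verify_strict(key: bytes, msg: bytes, tag: bytes, min_tag_length: int = 16) -> bool:
    """The fix: enforce a minimum tag length before any comparison happens."""
    if len(tag) < min_tag_length:
        raise ValueError("tag too short: %d < %d bytes" % (len(tag), min_tag_length))
    return hmac.compare_digest(tag_for(key, msg, len(tag)), tag)


def weak_oracle(tag: bytes) -> bool:
    """What the attacker gets to call: accept/reject for (MSG, tag)."""
    return verify_weak(KEY, MSG, tag)


def forge_short_tag(oracle, tag_len: int = 1):
    """Attacker without the key: enumerate every tag of tag_len bytes
    (256 candidates for one byte) against the oracle.
    Returns (attempts, forged_tag); forged_tag is None if nothing verified."""
    for i in range(256 ** tag_len):
        candidate = i.to_bytes(tag_len, "big")
        if oracle(candidate):
            return i + 1, candidate
    return 256 ** tag_len, None


def strict_rejects(tag: bytes) -> bool:
    """True when verify_strict refuses the tag on length alone."""
    try:
        verify_strict(KEY, MSG, tag)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    attempts, forged = forge_short_tag(weak_oracle)
    print("forged 1-byte tag after %d attempts: %r" % (attempts, forged))
    print("strict verifier rejects it:", strict_rejects(forged))
```

The length check has to sit before, and independently of, the constant-time comparison: compare_digest is doing its job in verify_weak, the attacker simply chose how much there was to compare. cryptography's GCM mode exposes this guard as the `min_tag_length` argument of `modes.GCM` (default 16 bytes); leave it at the default unless a protocol forces a shorter tag, and never derive it from the received data.

Package | Installed | Affected | Info |
---|---|---|---|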
cryptography | 2.2.2 | <42.0.2 | The cryptography library has updated its OpenSSL dependency in CI due to security concerns. The vulnerability arises when processing maliciously formatted PKCS12 files, which can cause OpenSSL to crash, leading to a potential denial of service (DoS). PKCS12 files, often containing certificates and keys, may come from untrusted sources. The PKCS12 specification allows certain fields to be NULL, but OpenSSL did not correctly handle these cases, resulting in a NULL pointer dereference and crash. Applications using OpenSSL APIs such as PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes(), and PKCS12_newpass() are vulnerable if they process PKCS12 files from untrusted sources. A similar issue in SMIME_write_PKCS7() was also fixed but is not considered significant for security, as it concerns data writing. This issue does not affect the FIPS modules in versions 3.2, 3.1, and 3.0. |
cryptography | 2.2.2 | <39.0.1 | Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <39.0.1 | Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | >=0.8,<41.0.3 | Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for CVE-2023-2975: the AES-SIV implementation ignores empty associated data entries. https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2 https://www.openssl.org/news/secadv/20230714.txt |
cryptography | 2.2.2 | <39.0.1 | Cryptography 39.0.1 includes a fix for CVE-2022-3996, a DoS vulnerability affecting OpenSSL. https://github.com/pyca/cryptography/issues/7940 |
cryptography | 2.2.2 | <41.0.5 | Cryptography 41.0.5 updates its Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.4, which includes a security fix. |
cryptography | 2.2.2 | <=3.2 | Cryptography 3.2 and prior are vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. |
cryptography | 2.2.2 | <39.0.1 | Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <41.0.0 | Cryptography 41.0.0 updates its dependency 'OpenSSL' to v3.1.1 to include a security fix. https://github.com/pyca/cryptography/commit/8708245ccdeaff21d65eea68a4f8d2a7c5949a22 |
cryptography | 2.2.2 | <41.0.4 | Cryptography 41.0.4 updates its Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.3, which includes a security fix. https://github.com/pyca/cryptography/commit/fc11bce6930e591ce26a2317b31b9ce2b3e25512 |
apache-airflow | 1.9.0 | >=0,<2.5.1 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Airflow and the Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 | Apache Airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 | Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1; Apache Airflow before 2.0.0b1 bundles the provider's code. |
apache-airflow | 1.9.0 | <1.10.14 | Apache Airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
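The two secret-key entries in this table (incorrect session validation across sites before 1.10.14, and 1.10.14 switching to a random SECRET_KEY) share one mechanism: a Flask session cookie is only an HMAC over its contents, so any two deployments that sign with the same key accept each other's sessions. The following is an added example, not Airflow's or Flask's code: the cookie format is a minimal HMAC-signed stand-in for Flask's itsdangerous session, and DEFAULT_SECRET, the placeholder value older airflow.cfg templates shipped with, is stated here as an assumption, as are all function names.

```python
"""Why a shared `[webserver] secret_key` makes sessions portable between sites.

Added example; not Airflow's or Flask's code. The cookie is a minimal
HMAC-signed stand-in for Flask's itsdangerous session. DEFAULT_SECRET is
assumed to be the placeholder older airflow.cfg templates shipped with.
"""
import base64
import hashlib
import hmac
import json
import secrets

DEFAULT_SECRET = b"temporary_key"   # assumption: the shipped placeholder value


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_session(secret: bytes, claims: dict) -> str:
    """Sign the claims the way a cookie session does: <payload>.<signature>.
    The server keeps no record; the signature is the only thing it checks."""
    payload = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(secret, payload.encode(), hashlib.sha256).digest()
    return payload + "." + _b64(sig)


def load_session(secret: bytes, cookie: str):
    """Return the claims if the signature verifies under `secret`, else None."""
    payload, _, sig_b64 = cookie.rpartition(".")
    if not payload:
        return None
    expected = hmac.new(secret, payload.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig_b64)):
        return None
    return json.loads(_unb64(payload))


def site_accepts_foreign_session(site_a_secret: bytes, site_b_secret: bytes) -> bool:
    """Log in on site A, present the cookie to site B: does B treat it as a session?"""
    cookie = mint_session(site_a_secret, {"user_id": 7, "_fresh": True})
    return load_session(site_b_secret, cookie) is not None


def random_secret() -> bytes:
    return secrets.token_bytes(32)


def secret_key_is_safe(configured: bytes, min_len: int = 32) -> bool:
    """Deployment check: the key must be neither the shipped placeholder nor short."""
    return configured != DEFAULT_SECRET and len(configured) >= min_len


if __name__ == "__main__":
    print("same default key on both sites:", site_accepts_foreign_session(DEFAULT_SECRET, DEFAULT_SECRET))
    print("site B with its own random key:", site_accepts_foreign_session(DEFAULT_SECRET, random_secret()))
```

The session-fixation entry later in this table is the same property seen from the other side: because the cookie is self-contained, nothing short of changing the key (and thereby logging everyone out) invalidates a securecookie session, which is why the database session backend is the one that can revoke a single user.

Package | Installed | Affected | Info |
---|---|---|---|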
apache-airflow | 1.9.0 | <1.10.3 | Apache Airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low severity since it requires an authenticated user to exploit. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 | In Apache Airflow < 1.10.12, the "origin" parameter passed to some endpoints such as '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low severity since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache Airflow before 2.0.0b1 bundles the code for the JDBC provider integration and is therefore affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 | In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache Airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration and is therefore affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low severity since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later, which removes the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the Apache Airflow Pig Provider allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow version prior to 2.3.0 in case the Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Pig Provider 4.0.0 on top of Airflow 2.3.0+ in order to get rid of the vulnerability. |
apache-airflow | 1.9.0 | <1.10.0 | Apache-airflow 1.10.0 fixes an XSS vulnerability in the Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 | The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 | Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, has a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 | Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow allow unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 | Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515, but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH release of the installed MINOR version, for example update to Python 3.6.13 if you are on Python 3.6 (those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 | Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please review whether you have copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 | A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they depended on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 | Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server that listens on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. This also presented a Local File Disclosure vulnerability for any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 | Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 | Incorrect Session Validation in the Apache Airflow Webserver, versions prior to 1.10.14 with the default config, allows a malicious Airflow user on site A, where they log in normally, to access the Airflow Webserver on site B without authorization through the session from site A. This does not affect users who have changed the default value for the `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 | Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 | Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return a "Cache-Control" header for dynamic content, which in the case of some browsers could result in sensitive data being stored in the browser's local cache. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 | In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 | The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 | Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 | In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 | It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | >=0,<2.4.1 | In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 | The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944, but the implemented fix did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 | Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to Airflow 2.10.3 or later, which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 | Generation of Error Message Containing Sensitive Information vulnerability in Apache Airflow. This issue affects Apache Airflow before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 | Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 | Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leads to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 | Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the Apache Airflow Pinot Provider allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow version prior to 2.3.0 in case the Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Pinot Provider 4.0.0 on top of Airflow 2.3.0+ in order to get rid of the vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.2 | Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 | Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes. This could let them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 | Affected versions of Apache Airflow allow authenticated Ops and Viewer users to view all information in audit logs, including DAG names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default; they need to be explicitly granted permission to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 | Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 | Affected Airflow versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 | In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attack. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 | In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag, which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
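
The two permission rows above (the 2.3.4 daemon umask issue and the 2.8.4 log-folder issue) share a root cause: directory creation that ends up loosening the mode of paths that already existed, such as a home directory. The following is an added example, not Airflow's FileTaskHandler code, contrasting that loosening pattern with one that only sets the mode on directories it actually creates, plus a small audit for group- or other-writable ancestors. The paths, the 0o775 mode and the home-directory stand-in are constructed assumptions.

```python
# Added example (not Airflow's FileTaskHandler): create a per-run log directory
# without loosening permissions on directories that already exist, and audit a
# path for group/other-writable ancestors. Paths and modes are constructed.
import os
import stat
import tempfile


def create_log_dir_loosening(root: str, rel: str, mode: int) -> str:
    """Anti-pattern from the advisory: apply ``mode`` to every directory on the
    way up to and including ``root``, which already existed (think of ~/)."""
    full = os.path.join(root, rel)
    os.makedirs(full, exist_ok=True)
    cur = full
    while True:
        os.chmod(cur, mode)
        if os.path.samefile(cur, root):
            break
        cur = os.path.dirname(cur)
    return full


def create_log_dir(root: str, rel: str, mode: int) -> str:
    """Create only the missing components of ``rel`` below ``root`` and apply
    ``mode`` to those; pre-existing directories are left untouched."""
    cur = root
    for part in rel.split("/"):
        if not part:
            continue
        cur = os.path.join(cur, part)
        if not os.path.isdir(cur):
            os.mkdir(cur)        # the mode given to mkdir is masked by umask,
            os.chmod(cur, mode)  # so set the intended mode explicitly afterwards
    return cur


def loosened_dirs(path: str, stop_at: str) -> list:
    """Directories from ``path`` up to and including ``stop_at`` that grant
    write access to group or other (what breaks sshd's StrictModes on ~/)."""
    hits = []
    cur = path
    while True:
        if os.stat(cur).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            hits.append(cur)
        if os.path.samefile(cur, stop_at):
            break
        cur = os.path.dirname(cur)
    return hits


def demo(mode: int = 0o775):
    """Run both variants in a throwaway tree and return, relative to it, the
    loosened directories each one leaves behind (loosening first, careful second)."""
    with tempfile.TemporaryDirectory() as tmp:
        out = []
        for name, creator in (("home_a", create_log_dir_loosening),
                              ("home_b", create_log_dir)):
            home = os.path.join(tmp, name)
            os.mkdir(home)
            os.chmod(home, 0o700)  # a private home directory (constructed)
            leaf = creator(home, "logs/dag_id/run_id", mode)
            out.append(sorted(os.path.relpath(p, tmp) for p in loosened_dirs(leaf, home)))
        return out


if __name__ == "__main__":
    bad, good = demo()
    print("loosening variant made writable:", bad)
    print("careful variant made writable:  ", good)
```

The only difference in the result is the home directory itself: with the careful variant, the new log folders still carry the requested 0o775, but the pre-existing 0o700 home is never touched, which is exactly the property the 2.8.4 fix restores.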
apache-airflow | 1.9.0 | >=0,<2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables by default the ability to test connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 | Execution with Unnecessary Privileges and Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context and bypassing the limitations on the access the user has to certain DAGs. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the Apache Airflow Spark Provider allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow version prior to 2.3.0 in case the Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Spark Provider 4.0.0 on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed in order to get rid of the vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.5 | Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 | In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
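
Several rows in this table concern one user-supplied URL: the `origin` query argument echoed into pages (fixed, re-fixed and fixed again across 1.10.12, 1.10.13, 1.10.15/2.0.2 and 2.4.2) and the `/confirm` and `/login` open redirects. Below is an added example, not the project's own fix, of validating such a parameter before redirecting to it or rendering it: the value is resolved against the site's own origin, only a same-site path and query survive, and the result is escaped on output. `SITE_HOST`, `DEFAULT_TARGET` and the sample inputs are assumptions; `strip_javascript_prefix` stands in for the kind of one-string blocklist that the follow-up CVEs above show is not enough.

```python
# Added example (not Airflow's own fix): validate a user-supplied return URL
# such as the ``origin`` or ``next`` query argument before redirecting to it
# or echoing it into HTML. SITE_HOST and the sample inputs are constructed.
import html
from urllib.parse import urljoin, urlparse

SITE_HOST = "airflow.example.internal"  # assumption: the webserver's own host
DEFAULT_TARGET = "/home"                # assumption: where to land when unsure


def strip_javascript_prefix(url: str) -> str:
    """The kind of partial fix the advisories describe: blocklisting one
    string. A case change or another scheme walks straight past it."""
    return url.replace("javascript:", "")


def safe_origin(url: str, fallback: str = DEFAULT_TARGET) -> str:
    """Return ``url`` reduced to a same-site path (plus query), or ``fallback``."""
    if not url:
        return fallback
    # Resolve against the site root so "//evil" and "\\evil" are judged the
    # way browsers treat them: as absolute URLs pointing at another host.
    candidate = urljoin(f"https://{SITE_HOST}/", url.replace("\\", "/"))
    parsed = urlparse(candidate)
    if parsed.scheme not in ("http", "https"):
        return fallback  # javascript:, data:, vbscript: ... (scheme is lowercased)
    if parsed.hostname != SITE_HOST:
        return fallback  # open redirect to another host
    # Re-emit only path and query: never the caller's scheme, host or fragment.
    safe = parsed.path or "/"
    if parsed.query:
        safe += "?" + parsed.query
    return safe


def render_back_link(origin: str) -> str:
    """HTML for a 'back' link; escapes on output even after validation."""
    return f'<a href="{html.escape(safe_origin(origin), quote=True)}">back</a>'
```

The validator is deliberately an allowlist (same scheme family, same host, path only) rather than a blocklist of bad prefixes, which is the difference between the fix that held and the ones that needed a follow-up CVE.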
apache-airflow | 1.9.0 | <2.10.1 | Affected versions of Apache Airflow contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 | Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in the 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 | Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 | Affected versions of Apache Airflow have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to rotate those secrets. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes. This could let them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 | A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the password of the user has been reset by the admin, up until the expiry of the user's session. Other than manually cleaning the session database (for the database session backend), or changing the secret_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secret key and restarting the webserver (which logs out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 | Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 | In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
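
The row above (CLI-created users and connections logging their password before 1.10.13), the Databricks hook logging API keys before 1.10.5, and secrets reaching task and audit logs before 2.10.3 are the same failure: log records are written before secret values are masked. The following added example, which is not Airflow's own mask_secret machinery, shows a logging filter that redacts known secret values and password-like key/value pairs before any handler sees the record, together with a helper that runs constructed messages through it. The secret value, logger name and messages are constructed.

```python
# Added example (not Airflow's mask_secret machinery): a logging filter that
# redacts known secret values and password-like key/value pairs before a
# record reaches any handler. The secrets and log messages are constructed.
import logging
import re

# key = value / key: value forms commonly seen in CLI and connection logs
_KV_PATTERN = re.compile(
    r"(?i)\b(password|passwd|secret|token|api[_-]?key)(\s*[=:]\s*)(\S+)"
)


class SecretMaskingFilter(logging.Filter):
    """Masks exact secret values (longest first, so a value containing another
    is masked whole) and then any remaining password-like pairs."""

    def __init__(self, secrets):
        super().__init__()
        self._secrets = sorted((s for s in secrets if s), key=len, reverse=True)

    def mask(self, text: str) -> str:
        for secret in self._secrets:
            text = text.replace(secret, "***")
        return _KV_PATTERN.sub(r"\1\2***", text)

    def filter(self, record: logging.LogRecord) -> bool:
        # Render the message once, mask it and drop the args so no handler
        # re-formats the unmasked template later.
        record.msg = self.mask(record.getMessage())
        record.args = ()
        return True


def masked_lines(secrets, messages):
    """Feed constructed (template, args) messages through a logger carrying
    the filter and return exactly what a handler would have written."""
    written = []

    class Capture(logging.Handler):
        def emit(self, record):
            written.append(self.format(record))

    logger = logging.getLogger("added.example.masking")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = Capture()
    handler.setFormatter(logging.Formatter("%(message)s"))
    logger.addFilter(SecretMaskingFilter(secrets))  # runs before every handler
    logger.addHandler(handler)
    try:
        for template, args in messages:
            logger.info(template, *args)
    finally:
        logger.removeHandler(handler)
        logger.filters.clear()
    return written


if __name__ == "__main__":
    for line in masked_lines(
        ["s3cr3t-value"],
        [("creating connection with password=%s for host=%s", ("s3cr3t-value", "db1")),
         ("CLI variable set: api_key: AKIAEXAMPLE1234", ())],
    ):
        print(line)
```

Known values are masked wherever they appear; the pattern is a second line of defence for secrets the filter was never told about, which is why the advisories also recommend rotating anything that may already have been written unmasked.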
apache-airflow | 1.9.0 | >=0,<2.4.0 | A vulnerability in the Example DAGs of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, has a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of the "enable_xcom_pickling=False" configuration setting, resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
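
The XCom pickling row above, the 2.7.0 change to the xcomEntries deserialize flag, and the Celery broker deserialization issue all reduce to one point: unpickling bytes an attacker can influence instantiates whatever the payload names, before any application code gets to look at the result. The following added example (not Airflow code) demonstrates that with a harmless callable and shows a restricted Unpickler that refuses every global outside an explicit allowlist while still accepting plain containers. The `Poisoned` class, the use of os.getpid as a stand-in for a harmful callable, and the allowlist contents are constructed for illustration.

```python
# Added example (not Airflow code): why unpickling an XCom value or a broker
# message instantiates whatever the payload names, and a restricted unpickler
# that refuses everything outside an allowlist. The class and the choice of
# os.getpid as a harmless, verifiable stand-in are constructed for illustration.
import io
import os
import pickle


class Poisoned:
    """Any object with __reduce__ chooses the callable that runs at load time."""

    def __reduce__(self):
        # pickle.loads will call os.getpid() for us; a real payload would name
        # something far more harmful. The class itself is never reconstructed.
        return (os.getpid, ())


def build_poisoned_payload() -> bytes:
    """Constructed attacker-controlled bytes (stand-in for an XCom value or a
    Celery message carrying a pickle content type)."""
    return pickle.dumps(Poisoned())


def expected_marker() -> int:
    """What the payload's callable returns when it does run in this process."""
    return os.getpid()


def unsafe_load(payload: bytes):
    """What enable_xcom_pickling=True or deserialize=true amounts to."""
    return pickle.loads(payload)


class RestrictedUnpickler(pickle.Unpickler):
    """Deny every global lookup except an explicit allowlist of plain types."""

    ALLOWED = {("builtins", "dict"), ("builtins", "list"), ("builtins", "set")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to import {module}.{name}")


def safe_load(payload: bytes):
    return RestrictedUnpickler(io.BytesIO(payload)).load()


def is_refused(payload: bytes) -> bool:
    """True if the restricted loader rejected the payload without running it."""
    try:
        safe_load(payload)
    except pickle.UnpicklingError:
        return True
    return False


def plain_roundtrip(value):
    """Plain containers and scalars still pass through the restricted loader."""
    return safe_load(pickle.dumps(value))


def demo():
    """(unsafe loader executed the payload's callable, restricted loader refused it)."""
    payload = build_poisoned_payload()
    return unsafe_load(payload) == expected_marker(), is_refused(payload)


if __name__ == "__main__":
    print(demo())  # the first True is the problem, the second is the fix
```

Refusing at find_class is the right hook because the global lookup is the only way a pickle can name code to run; a JSON encoder, which is what Airflow moved XCom to by default, removes the hook altogether.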
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/DAG in the UI to craft a URL which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the Apache Airflow Hive Provider allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow version prior to 2.3.0 in case the Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Hive Provider 4.1.0 on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed in order to get rid of the vulnerability. |
apache-airflow | 1.9.0 | <2.7.2 | A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case the Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, has a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to an XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and affects 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515, but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH release of the installed MINOR version, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please review whether you have copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server that listens on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with the default config allows a malicious Airflow user on site A, where they log in normally, to gain unauthorized access to the Airflow Webserver on site B through the session from site A. This does not affect users who have changed the default value for the `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return a "Cache-Control" header for dynamic content, which in the case of some browsers could result in sensitive data being stored in the browser's local cache. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if a traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leads to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case the Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes. This could let them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewer users to view all information in audit logs, including DAG names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default; they need to be explicitly granted permission to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Affected versions of Airflow have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables, by default, the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows code to be executed in the webserver context and also allows bypassing the limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case the Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes. This could let them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the password of the user has been reset by the admin, up until the expiry of the user's session. Other than manually cleaning the session database (for the database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using the Airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in the Example DAGs of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as it is recommended by Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions are affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
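Both the XCom pickling entry (the `enable_xcom_pickling=False` bypass) and the `xcomEntries` deserialize flag come down to the same mechanism: `pickle.loads` executes whatever callable the serialized bytes name, while a JSON parser only builds plain values. The block below is an added example, not Airflow's XCom code; `Payload`, `record_hook()` and `deserialize_xcom()` are constructed for the demonstration (a real payload would reference something like `os.system` instead of the recording hook).

```python
"""Why pickle-based XCom deserialization is unsafe and JSON is not.

Added example, not Airflow's XCom code. `Payload` and `record_hook()` are constructed
so the side effect of deserialization is observable in-process.
"""
import json
import pickle
from typing import Any, List

EXECUTED: List[str] = []  # records anything that runs during deserialization


def record_hook(message: str) -> None:
    EXECUTED.append(message)


class Payload:
    """pickle.loads calls whatever __reduce__ returns, with the given arguments."""

    def __reduce__(self):
        return (record_hook, ("code ran during pickle.loads",))


def deserialize_xcom(blob: bytes, enable_pickling: bool) -> Any:
    """Model of the two XCom code paths: pickle when enabled, strict JSON otherwise."""
    if enable_pickling:
        return pickle.loads(blob)
    return json.loads(blob.decode("utf-8"))


def demo() -> dict:
    """Feed the same attacker-controlled bytes to both paths and report what happened."""
    blob = pickle.dumps(Payload())  # what a DAG author could push into the XCom table

    EXECUTED.clear()
    deserialize_xcom(blob, enable_pickling=True)
    with_pickle = list(EXECUTED)

    EXECUTED.clear()
    rejected = False
    try:
        deserialize_xcom(blob, enable_pickling=False)
    except ValueError:  # UnicodeDecodeError and JSONDecodeError are both ValueError
        rejected = True

    return {
        "pickle_side_effects": with_pickle,
        "json_side_effects": list(EXECUTED),
        "json_rejected_pickle_bytes": rejected,
        "json_roundtrip": deserialize_xcom(json.dumps({"rows": 3}).encode(), False),
    }
```

The JSON path never calls user-chosen code; it either returns plain data or raises. That is why the configuration flag has to be enforced at the deserialization site itself rather than trusted from the writer's side.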
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions are affected by a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH release of the installed MINOR version, for example update to Python 3.6.13 if you are on Python 3.6 (those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
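The random `SECRET_KEY` change in 1.10.14 and the cross-site session entry above are two sides of the same fact: a session cookie is only as site-specific as the key that signs it. The block below is an added example, not Airflow's or Flask's code; a minimal HMAC-signed cookie stands in for the real signed session, and `DEFAULT_SECRET` is a constructed placeholder for "whatever unchanged default every site shares", not a claim about Airflow's actual default value.

```python
"""Why a shared default `[webserver] secret_key` lets a session from site A log in on site B.

Added example, not Airflow's or Flask's session code. The HMAC cookie format and
DEFAULT_SECRET are constructed stand-ins.
"""
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional

DEFAULT_SECRET = b"temporary_key"  # constructed placeholder shared by every unconfigured site


def new_secret_key() -> bytes:
    """What 1.10.14+ does: a per-deployment random key instead of a shared default."""
    return secrets.token_bytes(32)


def sign_session(secret: bytes, session: dict) -> str:
    """Serialize the session and append an HMAC-SHA256 tag keyed with `secret`."""
    body = base64.urlsafe_b64encode(json.dumps(session, sort_keys=True).encode()).decode()
    tag = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def load_session(secret: bytes, cookie: str) -> Optional[dict]:
    """Return the session dict if the cookie was signed with `secret`, else None."""
    body, sep, tag = cookie.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(body))


def cookie_accepted_across_sites(secret_site_a: bytes, secret_site_b: bytes) -> bool:
    """Log in on site A, then present that cookie to site B's webserver."""
    cookie = sign_session(secret_site_a, {"user": "alice", "role": "Admin"})
    return load_session(secret_site_b, cookie) is not None
```

With both sites on the shared default, the cookie verifies everywhere; with independent random keys it verifies only where it was issued. The same reasoning is why `secret_key` must be identical across all webserver replicas of one deployment and different between deployments.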
apache-airflow | 1.9.0 | <2.9.1 |
show Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
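The fix for the browser-cache entry is a response header, and it has to be applied to every dynamic page rather than remembered per view. The block below is an added example, not Airflow's webserver code: a plain WSGI middleware (Airflow's Flask app is a WSGI app, so the same wrapper applies; in Flask the equivalent is an `after_request` hook setting `response.headers`) plus a constructed sample app and test harness. The static-prefix rule is an assumption about what may safely remain cacheable.

```python
"""Force `Cache-Control: no-store` on dynamic responses so a shared browser does not keep
rendered secrets in its cache.

Added example, not Airflow's code. `sample_app` and `response_headers` are constructed.
"""
from typing import Callable, Dict, List, Tuple

NO_STORE = "no-store, no-cache, must-revalidate, max-age=0"
STRIPPED = ("cache-control", "pragma", "expires")


def no_store_middleware(app: Callable, static_prefix: str = "/static/") -> Callable:
    """Wrap a WSGI app; every response outside `static_prefix` becomes uncacheable."""

    def wrapped(environ, start_response):
        dynamic = not environ.get("PATH_INFO", "").startswith(static_prefix)

        def patched_start_response(status, headers, exc_info=None):
            if dynamic:
                # Drop any caching headers the view set, then add the strict set.
                headers = [(k, v) for k, v in headers if k.lower() not in STRIPPED]
                headers += [("Cache-Control", NO_STORE), ("Pragma", "no-cache"), ("Expires", "0")]
            return start_response(status, headers, exc_info)

        return app(environ, patched_start_response)

    return wrapped


def sample_app(environ, start_response):
    """Constructed stand-in for a page that renders connection details."""
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [b"<input name='password' value='s3cret'>"]


def response_headers(app: Callable, path: str) -> Dict[str, str]:
    """Drive a WSGI app for one GET and return its response headers (test harness)."""
    captured: Dict[str, List[Tuple[str, str]]] = {}

    def start_response(status, headers, exc_info=None):
        captured["headers"] = list(headers)

    body = app({"REQUEST_METHOD": "GET", "PATH_INFO": path}, start_response)
    if hasattr(body, "close"):
        body.close()
    return dict(captured["headers"])
```

Checking the header on a live deployment is a one-liner with curl (`curl -sI` against a logged-in connection page); what to look for is exactly the `Cache-Control` value the middleware sets.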
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to Airflow 2.10.3 or later, which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error: the File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Affected Airflow versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "webserver.expose_config" was set to "non-sensitive-only" (the celery provider is currently the only community provider that has sensitive configuration). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API rather than the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
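The log-directory permission entry above (parent folders made writable, SSH breaking when logs live under a home directory) and this umask entry are both about who ends up able to write into directories Airflow did not create. The block below is an added example, not Airflow's `FileTaskHandler` code: `vulnerable_make_log_dir()` models the bug class (a folder mode pushed up the parent chain, stopped here at `top` so the demo never touches directories outside its sandbox), and `make_log_dir()` applies the configured mode only to directories it created itself. The directory names are constructed for the demo.

```python
"""Creating a per-run log directory without loosening its pre-existing parents.

Added example, not Airflow's FileTaskHandler code. Both functions and the demo layout
are constructed; the modelled defect is "chmod applied to parents that already existed".
"""
import os
import stat
import tempfile
from typing import List


def mode_of(path: str) -> int:
    return stat.S_IMODE(os.stat(path).st_mode)


def vulnerable_make_log_dir(path: str, top: str, mode: int = 0o777) -> None:
    """Create `path`, then chmod it and every parent up to and including `top`."""
    os.makedirs(path, exist_ok=True)
    current = path
    while True:
        os.chmod(current, mode)  # the home directory ends up world-writable too
        if os.path.samefile(current, top) or current == os.path.dirname(current):
            break
        current = os.path.dirname(current)


def make_log_dir(path: str, new_folder_mode: int = 0o755) -> List[str]:
    """Create only the missing components of `path`; chmod those and nothing else."""
    missing = []
    current = os.path.abspath(path)
    while not os.path.isdir(current):
        missing.append(current)
        current = os.path.dirname(current)
    created = list(reversed(missing))  # top-down so each parent exists before its child
    for directory in created:
        os.mkdir(directory)
        os.chmod(directory, new_folder_mode)  # explicit, so the process umask is irrelevant
    return created


def demo() -> dict:
    """Run both variants under a fresh 0o700 'home' directory and report resulting modes."""
    result = {}
    rel = os.path.join("airflow", "logs", "dag_id=example", "run_id=manual__1")
    with tempfile.TemporaryDirectory() as home:
        os.chmod(home, 0o700)
        vulnerable_make_log_dir(os.path.join(home, rel), top=home)
        result["vulnerable_home_mode"] = mode_of(home)
    with tempfile.TemporaryDirectory() as home:
        os.chmod(home, 0o700)
        created = make_log_dir(os.path.join(home, rel))
        result["fixed_home_mode"] = mode_of(home)
        result["fixed_created_modes"] = [mode_of(p) for p in created]
    return result
```

The check a practitioner wants after upgrading is simply `stat -c %a` (or `ls -ld`) on the home directory and on each path component down to the log folder: only directories the handler created should carry `file_task_handler_new_folder_permissions`, and nothing above the log root should have changed.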
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables default allowing the testing of connections in UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability |
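The certificate-validation entry above describes a context that accepts any server certificate. The block below is an added example, not the Airflow providers' code: `insecure_context()` reproduces that class of bug explicitly, `hardened_context()` is the stdlib-recommended replacement, and `context_findings()` is an assumed audit helper for checking whatever context a hook actually builds. The `smtplib`/`imaplib` calls in the trailing comment are real stdlib signatures but are not executed here (no network).

```python
"""A TLS client context that verifies nothing, beside one that verifies the mail server.

Added example, not the Airflow SMTP/IMAP provider code. context_findings() is an assumed
helper for auditing an SSLContext object.
"""
import ssl
from typing import List, Optional


def insecure_context() -> ssl.SSLContext:
    """Accepts any certificate for any hostname: an attacker in a MITM position presents its own."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False     # must be turned off before verify_mode may become CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """System (or given) trust store, hostname check, certificate required, TLS 1.2 floor."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_findings(ctx: ssl.SSLContext) -> List[str]:
    """Return the problems an auditor would flag for a client-side context (empty = clean)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: server certificate is not validated")
    if not ctx.check_hostname:
        findings.append("check_hostname is off: a certificate for any name is accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version is below TLS 1.2")
    return findings


# How the hardened context is handed to the stdlib clients the mail providers wrap
# (not executed here, no network):
#   smtplib.SMTP_SSL(host, 465, context=hardened_context())
#   imaplib.IMAP4_SSL(host, 993, ssl_context=hardened_context())
```

The quickest regression check on a deployment is to call `context_findings()` on the context a hook builds, or to point the hook at a server with a self-signed certificate and confirm the connection is refused rather than silently accepted.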
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges / Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place: it allows executing code in the webserver context and bypasses the limits on which DAGs the user may access. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
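Several entries in this table are the same input-validation problem seen from different endpoints: the `origin` parameter on `/trigger` and "Trigger DAG with config" (reflected XSS via a `javascript:` value), the open redirects on `/confirm` and `/login`, and the `javascript:` provider documentation link. The block below is an added example, not Airflow's own code: `safe_redirect_target()` models the policy a redirect-back parameter needs (same-site absolute path only), and `safe_external_link()` models what a documentation link needs (absolute http/https with a host). `DEFAULT_ORIGIN` is an assumed fallback, not an Airflow route name.

```python
"""Validate redirect targets and documentation links before echoing them into HTML.

Added example, not Airflow's code. Policies and the DEFAULT_ORIGIN fallback are assumptions.
"""
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

DEFAULT_ORIGIN = "/home"  # assumed fallback page


def safe_redirect_target(origin: Optional[str], default: str = DEFAULT_ORIGIN) -> str:
    """Return `origin` only if it is a same-site absolute path; otherwise `default`."""
    if not origin:
        return default
    # Control characters, spaces and backslashes are stripped or re-interpreted by browsers
    # before URL parsing ("java\tscript:" -> "javascript:", "/\\evil" -> "//evil").
    if any(ord(ch) <= 0x20 for ch in origin) or "\\" in origin:
        return default
    parts = urlsplit(origin)
    # Any scheme (javascript:, data:, https:) or authority ("//evil.example") leaves the site.
    if parts.scheme or parts.netloc:
        return default
    if not parts.path.startswith("/"):
        return default
    # Rebuild from parsed components: path and query survive, the fragment is dropped.
    return urlunsplit(("", "", parts.path, parts.query, ""))


def safe_external_link(url: Optional[str]) -> Optional[str]:
    """Accept only absolute http(s) URLs with a host; reject javascript:, data:, and the like."""
    if not url:
        return None
    if any(ord(ch) <= 0x20 for ch in url):
        return None
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        return None
    return url
```

Validation is only half of the fix: the accepted value still has to be HTML-escaped when rendered into an `href`, and a redirect should use the rebuilt value rather than the raw parameter, so that nothing the parser discarded reaches the browser.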
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
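The entry above is a `sys.path` ordering bug: whichever directory is on the path when `airflow_local_settings` is imported gets to supply that module. The block below is an added example, not Airflow's initialisation code. It uses the real local-settings module name but models the two orderings with temporary directories: `config_dir` stands for the trusted configuration folder, `dags_dir` for the DAG-author-writable `DAGS_FOLDER`.

```python
"""Module shadowing through sys.path order: why DAGS_FOLDER must be added only after
local settings have been imported.

Added example, not Airflow's settings.py. Directories and their contents are constructed.
"""
import importlib
import os
import sys
import tempfile

MODULE = "airflow_local_settings"


def _write_settings(directory: str, origin: str) -> None:
    with open(os.path.join(directory, MODULE + ".py"), "w", encoding="utf-8") as fh:
        fh.write(f'ORIGIN = "{origin}"\n')


def _import_fresh() -> str:
    """Import the module as if for the first time and report where it came from."""
    sys.modules.pop(MODULE, None)
    importlib.invalidate_caches()  # files were created after the path finders were cached
    try:
        return importlib.import_module(MODULE).ORIGIN
    except ModuleNotFoundError:
        return "none"  # no local settings anywhere: built-in defaults apply


def settings_origin(dags_folder_first: bool, config_has_settings: bool) -> str:
    """Return which copy of airflow_local_settings wins: "config", "dags" or "none"."""
    with tempfile.TemporaryDirectory() as config_dir, tempfile.TemporaryDirectory() as dags_dir:
        if config_has_settings:
            _write_settings(config_dir, "config")
        _write_settings(dags_dir, "dags")  # planted by someone who can write to DAGS_FOLDER
        saved_path = list(sys.path)
        try:
            sys.path.append(config_dir)
            if dags_folder_first:
                sys.path.append(dags_dir)  # vulnerable order: DAGS_FOLDER searchable during import
                return _import_fresh()
            origin = _import_fresh()       # fixed order: import local settings first ...
            sys.path.append(dags_dir)      # ... then expose DAGS_FOLDER for DAG imports
            return origin
        finally:
            sys.path[:] = saved_path
            sys.modules.pop(MODULE, None)
```

The case that matters most is a deployment with no local settings file at all: with the vulnerable order a file planted in `DAGS_FOLDER` is imported at startup by every Airflow component, with the fixed order it is simply not found. This is also why a DAG folder should never be writable by a less trusted party than whoever controls the configuration folder.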
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the password of the user has been reset by the admin, up until the expiry of the user's session. Other than manually cleaning the session database (for the database session backend), or changing the secret_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secret_key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
Apache-airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 |
In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow affected versions are affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
Apache-airflow 1.10.0 fixes an XSS vulnerability in the Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow affected versions are affected by a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15, >=2.0.0a1,<2.0.2 |
Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and affects 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow affected versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return the "Cache-Control" header for dynamic content, which in the case of some browsers could result in potentially storing sensitive data in the local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
Affected versions of Apache Airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default; they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
Affected Airflow versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache-airflow 2.7.0 disables, by default, the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context as well as bypassing the limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in the 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as it is recommended by Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions are affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions are affected by a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and affects 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH release of the installed MINOR version; for example, update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please review whether you have copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they depended on past runs and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Affected Airflow versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables, by default, the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context and bypassing the access limitations the user has to certain DAGs. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
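The sys.path ordering problem above is an import-precedence issue: whichever directory comes first on the path supplies a module of a given name. The following is an added example, not Airflow code. It builds two constructed directories, one standing in for the operator-controlled config folder and one for a DAGS_FOLDER that DAG authors can write to, each holding a module of the same name (`demo_local_settings`, a stand-in for `airflow_local_settings`), and shows which copy runs under the pre-fix and the fixed ordering.

```python
"""Import precedence decides whose local settings module gets executed.

Added example, not Airflow code. Two constructed directories stand in for the
operator-controlled config folder and for a DAGS_FOLDER that DAG authors can
write to, each holding a module of the same name (demo_local_settings, a
stand-in for airflow_local_settings). With the DAGS_FOLDER inserted at the
front of sys.path before the settings import (the pre-fix order) the DAG
author's copy is what runs at startup; importing settings first (the fixed
order) loads the operator's copy.
"""
import importlib
import pathlib
import sys
import tempfile

MODULE = "demo_local_settings"  # hypothetical name for the demo


def write_module(folder: pathlib.Path, owner: str) -> None:
    (folder / f"{MODULE}.py").write_text(f"OWNER = {owner!r}\n")


def import_with_path(search_path: list) -> str:
    """Import MODULE fresh with search_path prepended to sys.path; return its OWNER."""
    saved_path = sys.path[:]
    sys.modules.pop(MODULE, None)
    sys.path[:0] = [str(p) for p in search_path]
    importlib.invalidate_caches()  # the .py files were just written
    try:
        return importlib.import_module(MODULE).OWNER
    finally:
        sys.path[:] = saved_path
        sys.modules.pop(MODULE, None)


def demo() -> tuple:
    """Return (module owner under the vulnerable order, owner under the fixed order)."""
    with tempfile.TemporaryDirectory() as tmp:
        config_dir = pathlib.Path(tmp) / "config"
        dags_folder = pathlib.Path(tmp) / "dags"
        config_dir.mkdir()
        dags_folder.mkdir()
        write_module(config_dir, "operator")
        write_module(dags_folder, "dag-author")
        # Vulnerable: sys.path.insert(0, DAGS_FOLDER) ran before the settings import,
        # so the DAGS_FOLDER is searched ahead of the config folder.
        vulnerable = import_with_path([dags_folder, config_dir])
        # Fixed: settings are imported while only the config folder is on the path.
        fixed = import_with_path([config_dir])
        return vulnerable, fixed
```

The same shadowing applies to any module imported after the DAGS_FOLDER is on the path, which is why the fix moves the insertion rather than blacklisting one module name.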
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, are affected by a vulnerability that allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes. This could let them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after an admin has reset the user's password, up until the user's session expires. Other than manually cleaning the session database (for the database session backend), or changing the secret_key and restarting the webserver (which also logs out all other users), there was no mechanism to force-logout the user. With this fix, when using the database session backend, the existing sessions of the user are invalidated when the user's password is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secret key and restarting the webserver (logging out all other users), but the user resetting the password is informed of this with a flash message warning displayed in the UI. Documentation has also been updated to explain this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, are affected by a vulnerability that allows authenticated users who have access to see the task/DAG in the UI to craft a URL which could lead to unmasking the secret configuration of the task that would otherwise be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow version prior to 2.3.0 if the Hive Provider is installed (Hive Provider 4.1.0 can only be installed on Airflow 2.3.0+). Note that on Airflow 2.3.0+ with an older Hive Provider you must manually install Hive Provider 4.1.0 to get rid of the vulnerability. |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
Package | Installed | Affected | Info |
---|---|---|---|
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | >=1.8,<39.0.1 |
show Cryptography 39.0.1 includes a fix for CVE-2023-23931: In affected versions 'Cipher.update_into' would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as 'bytes') to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This issue has been present since 'update_into' was originally introduced in cryptography 1.8. |
cryptography | 2.2.2 | <3.3.2 |
show Cryptography 3.3.2 includes a fix for CVE-2020-36242: certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. |
cryptography | 2.2.2 | <42.0.8 |
show The `cryptography` library has updated its BoringSSL and OpenSSL dependencies in CI due to a security concern. Specifically, the issue involves the functions `EVP_PKEY_param_check()` and `EVP_PKEY_public_check()`, which are used to check DSA public keys or parameters. These functions can experience significant delays when processing excessively long DSA keys or parameters, potentially leading to a Denial of Service (DoS) if the input is from an untrusted source. The vulnerability arises because the key and parameter check functions do not limit the modulus size during checks, despite OpenSSL not allowing public keys with a modulus over 10,000 bits for signature verification. This issue affects applications that directly call these functions and the OpenSSL `pkey` and `pkeyparam` command-line applications with the `-check` option. The OpenSSL SSL/TLS implementation is not impacted, but the OpenSSL 3.0 and 3.1 FIPS providers are affected by this vulnerability. |
cryptography | 2.2.2 | <42.0.0 |
show Cryptography starting from version 42.0.0 updates its CI configurations to use newer versions of BoringSSL or OpenSSL as a countermeasure to CVE-2023-5678. This vulnerability, affecting the package, could cause Denial of Service through specific DH key generation and verification functions when given overly long parameters. |
cryptography | 2.2.2 | >=0.8,<41.0.3 |
show Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for a Denial of Service vulnerability. https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2 https://www.openssl.org/news/secadv/20230719.txt |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <3.3 |
show Cryptography 3.3 no longer allows loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing. https://github.com/pyca/cryptography/pull/5592 |
cryptography | 2.2.2 | >=0.8,<41.0.3 |
show Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for a Denial of Service vulnerability. https://github.com/pyca/cryptography/commit/b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d https://www.openssl.org/news/secadv/20230731.txt |
cryptography | 2.2.2 | <42.0.5 |
show Cryptography version 42.0.5 introduces a limit on the number of name constraint checks during X.509 path validation to prevent denial of service attacks. https://github.com/pyca/cryptography/commit/4be53bf20cc90cbac01f5f94c5d1aecc5289ba1f |
cryptography | 2.2.2 | <42.0.0 |
show Affected versions of Cryptography may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <41.0.2 |
show The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options. |
cryptography | 2.2.2 | >=1.9.0,<2.3 |
show A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. See: CVE-2018-10903. |
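The forgery arithmetic behind CVE-2018-10903 is worth seeing once. The following is an added example, not code from the cryptography project: HMAC-SHA256 from the standard library stands in for the GCM tag so it runs offline, the key and message are constructed, and the 16-byte minimum mirrors the full 128-bit GCM tag. It shows the flawed pattern (comparing only as many bytes as the caller supplied), the 1-in-256 success rate that produces, and the guard that rejects short tags before any comparison.

```python
"""A MAC tag must meet a minimum length before it is compared.

Added example, not code from the cryptography project. HMAC-SHA256 stands in
for the GCM tag; the arithmetic is the same for any MAC: if the verifier
compares only as many tag bytes as the caller supplied, a t-byte tag is forged
by guessing with probability 2**(-8*t), so a 1-byte tag passes 1 time in 256.
"""
import hashlib
import hmac

MIN_TAG_LENGTH = 16       # bytes; GCM emits 128-bit tags unless deliberately shortened
KEY = bytes(range(32))    # constructed demo key; never use a fixed key for real
MESSAGE = b"ciphertext-under-test"  # constructed


def compute_tag(key: bytes, data: bytes) -> bytes:
    """Full-length (16-byte) tag over the data."""
    return hmac.new(key, data, hashlib.sha256).digest()[:MIN_TAG_LENGTH]


def verify_truncated(key: bytes, data: bytes, tag: bytes) -> bool:
    """The flawed pattern: the supplied tag decides how many bytes are compared.

    A 1-byte tag is checked against 1 byte of the expected tag; a 0-byte tag
    matches unconditionally.
    """
    expected = compute_tag(key, data)
    return hmac.compare_digest(expected[: len(tag)], tag)


def verify_strict(key: bytes, data: bytes, tag: bytes,
                  min_tag_length: int = MIN_TAG_LENGTH) -> bool:
    """The hardened pattern: reject short tags before the key is even used."""
    if len(tag) < min_tag_length:
        raise ValueError(f"tag too short: {len(tag)} bytes < {min_tag_length}")
    expected = compute_tag(key, data)
    return hmac.compare_digest(expected, tag)


def count_one_byte_forgeries(key: bytes, data: bytes) -> int:
    """Try every possible 1-byte tag against the flawed verifier.

    Exactly one of the 256 guesses is accepted, with no knowledge of the key.
    """
    return sum(verify_truncated(key, data, bytes([b])) for b in range(256))
```

In the real library the minimum is the `min_tag_length` parameter of the GCM mode object; the fix in 2.3 made `finalize_with_tag` enforce it instead of trusting the caller's tag length.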
cryptography | 2.2.2 | <42.0.2 |
show The cryptography library has updated its OpenSSL dependency in CI due to security concerns. This vulnerability arises when processing maliciously formatted PKCS12 files, which can cause OpenSSL to crash, leading to a potential Denial of Service (DoS) attack. PKCS12 files, often containing certificates and keys, may come from untrusted sources. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly handle these cases, resulting in a NULL pointer dereference and subsequent crash. Applications using OpenSSL APIs, such as PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes(), and PKCS12_newpass(), are vulnerable if they process PKCS12 files from untrusted sources. Although a similar issue in SMIME_write_PKCS7() was fixed, it is not considered significant for security as it pertains to data writing. This issue does not affect the FIPS modules in versions 3.2, 3.1, and 3.0. |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | >=0.8,<41.0.3 |
show Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for CVE-2023-2975: AES-SIV implementation ignores empty associated data entries. https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2 https://www.openssl.org/news/secadv/20230714.txt |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 includes a fix for CVE-2022-3996, a DoS vulnerability affecting openssl. https://github.com/pyca/cryptography/issues/7940 |
cryptography | 2.2.2 | <41.0.5 |
show Cryptography 41.0.5 updates Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.4, that includes a security fix. |
cryptography | 2.2.2 | <=3.2 |
show Cryptography 3.2 and prior are vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <41.0.0 |
show Cryptography 41.0.0 updates its dependency 'OpenSSL' to v3.1.1 to include a security fix. https://github.com/pyca/cryptography/commit/8708245ccdeaff21d65eea68a4f8d2a7c5949a22 |
cryptography | 2.2.2 | <41.0.4 |
show Cryptography 41.0.4 updates Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.3, that includes a security fix. https://github.com/pyca/cryptography/commit/fc11bce6930e591ce26a2317b31b9ce2b3e25512 |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as it is recommended by Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, are affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, are affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions before 1.10.15 in the 1.x series, and 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515, but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH release of the installed MINOR version, for example update to Python 3.6.13 if you are on Python 3.6 (those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
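The check a practitioner wants after reading the advisory above is whether any ancestor of the task-log directory has ended up group- or world-writable. The following is an added example, not Airflow code: it builds a constructed tree that mimics logs kept under a home directory, applies 0o777 to the whole chain the way the advisory describes the handler doing, lists the offending ancestors, then applies the 0o755 remediation and re-checks. The audit function itself works on any real path; only the tree is made up.

```python
"""Audit the permission bits on every ancestor of a task-log directory.

Added example, not Airflow code. The directory tree is constructed for the demo;
audit_parents() can be pointed at a real log directory.
"""
import os
import stat
import tempfile
from pathlib import Path

GROUP_OR_WORLD_WRITE = stat.S_IWGRP | stat.S_IWOTH
SAFE_DIR_MODE = 0o755  # the value the advisory recommends for file_task_handler_new_folder_permissions


def chain(log_dir: Path, stop_at: Path) -> list:
    """log_dir and its ancestors, innermost first, up to and including stop_at."""
    out = []
    for p in [log_dir, *log_dir.parents]:
        out.append(p)
        if p == stop_at:
            break
    return out


def writable_by_others(path: Path) -> bool:
    return bool(path.stat().st_mode & GROUP_OR_WORLD_WRITE)


def audit_parents(log_dir: Path, stop_at: Path) -> list:
    """Directories in the chain that a non-owner could write into (and so plant files in)."""
    return [p for p in chain(log_dir, stop_at) if writable_by_others(p)]


def demo() -> tuple:
    """Return (number of findings before remediation, number after)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        log_dir = root / "home" / "airflow" / "airflow" / "logs" / "dag_id" / "run_id"
        log_dir.mkdir(parents=True)
        # Reproduce the bad state: the permissive new-folder mode applied to every parent,
        # including the home directory (sshd's StrictModes rejects a world-writable home).
        for p in chain(log_dir, root):
            os.chmod(p, 0o777)
        before = len(audit_parents(log_dir, root))
        # Remediation: a mode that keeps each directory writable only by its owner.
        for p in chain(log_dir, root):
            os.chmod(p, SAFE_DIR_MODE)
        after = len(audit_parents(log_dir, root))
        return before, after
```

Run the audit as the same user the scheduler and workers run as; if it runs as root, the permission check still reports the bits, but the advisory's other mitigation (a non-root service user) is the one that stops the handler from touching directories it does not own.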
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
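The cross-site session problem above, the move to a random SECRET_KEY in 1.10.14, and the note that the securecookie backend can only be reset by changing the key all come down to one fact: a signed cookie is valid wherever the signing key is known. The following is an added example, not Airflow or Flask code. A minimal HMAC-SHA256 signed cookie stands in for the Flask session cookie the webserver issues, `SHARED_DEFAULT_KEY` is a constructed stand-in for a default baked into a config template, and the site names and users are made up.

```python
"""Shared signing key means shared sessions.

Added example, not Airflow or Flask code. Two webservers configured with the
same secret key accept each other's cookies; distinct random keys end that, and
rotating a key invalidates every outstanding session.
"""
import base64
import hashlib
import hmac
import json
import secrets

# Constructed stand-in for a default value shipped in a config template.
# Any constant that is identical across installs behaves the same way.
SHARED_DEFAULT_KEY = b"temporary_key"


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_session(secret_key: bytes, payload: dict) -> str:
    """Serialize the payload and append an HMAC over it: body.signature."""
    body = _b64(json.dumps(payload, sort_keys=True).encode())
    sig = hmac.new(secret_key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def load_session(secret_key: bytes, cookie: str):
    """Return the payload if the signature verifies under secret_key, else None."""
    body, sep, sig = cookie.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(secret_key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None
    return json.loads(_unb64(body))


class Webserver:
    def __init__(self, name: str, secret_key: bytes):
        self.name = name
        self.secret_key = secret_key

    def login(self, user: str) -> str:
        return sign_session(self.secret_key, {"user": user, "site": self.name})

    def is_authenticated(self, cookie: str) -> bool:
        return load_session(self.secret_key, cookie) is not None

    def rotate_secret_key(self) -> None:
        self.secret_key = secrets.token_bytes(32)


def cross_site_accepts_shared_default() -> bool:
    """Site A's cookie presented to site B, both on the shared default key."""
    site_a = Webserver("site-a", SHARED_DEFAULT_KEY)
    site_b = Webserver("site-b", SHARED_DEFAULT_KEY)
    return site_b.is_authenticated(site_a.login("alice"))


def cross_site_accepts_random_keys() -> bool:
    """Same experiment once each site generates its own key."""
    site_a = Webserver("site-a", secrets.token_bytes(32))
    site_b = Webserver("site-b", secrets.token_bytes(32))
    return site_b.is_authenticated(site_a.login("alice"))


def session_survives_rotation() -> tuple:
    """(authenticated before key rotation, authenticated after)."""
    site = Webserver("site-a", secrets.token_bytes(32))
    cookie = site.login("alice")
    before = site.is_authenticated(cookie)
    site.rotate_secret_key()
    after = site.is_authenticated(cookie)
    return before, after
```

Rotation is all-or-nothing, which is why the securecookie backend cannot log out a single user after a password reset; the database session backend can, because it can delete that user's rows.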
apache-airflow | 1.9.0 | <2.9.1 |
show Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, are affected by a vulnerability that allows an authenticated user without the variable edit permission to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
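Several entries on this page (the example DAGs before 2.2.4 and 2.4.0, and example_inlet_event_extra.py in 2.10.0) are the same bug: a value the triggering user controls, such as run_id or a param, is templated into a shell command. The following is an added example, not one of Airflow's example DAGs. An f-string into `sh -c` stands in for a BashOperator whose bash_command templates `{{ run_id }}`, the run_id value is constructed, and the allowlist pattern is this demo's choice, not Airflow's run_id grammar.

```python
"""A user-supplied run_id interpolated into a shell command.

Added example, not Airflow code. Shows the injection and two fixes: quoting the
value with shlex.quote, and passing it as a positional parameter so the shell
never parses it.
"""
import re
import shlex
import subprocess

# Constructed: a run_id of the kind a user can type into "Trigger DAG".
MALICIOUS_RUN_ID = "manual; echo INJECTED"

# Demo allowlist: letters, digits and the punctuation seen in scheduler-generated run ids.
RUN_ID_PATTERN = re.compile(r"^[A-Za-z0-9_.:+-]+$")


def _sh(argv: list) -> str:
    return subprocess.run(argv, capture_output=True, text=True, check=False).stdout


def run_vulnerable(run_id: str) -> str:
    """Interpolates the value into program text: shell metacharacters are executed."""
    return _sh(["sh", "-c", f"echo run={run_id}"])


def run_hardened(run_id: str) -> str:
    """Quotes the value so the shell sees one literal word."""
    return _sh(["sh", "-c", f"echo run={shlex.quote(run_id)}"])


def run_positional(run_id: str) -> str:
    """Passes the value as $1; the program text never contains it."""
    return _sh(["sh", "-c", 'echo "run=$1"', "sh", run_id])


def is_safe_run_id(run_id: str) -> bool:
    """Second layer: reject anything outside the allowlist before templating."""
    return bool(RUN_ID_PATTERN.fullmatch(run_id))
```

The positional form is the one to prefer in a real operator: quoting protects the one interpolation you remembered, while `$1` keeps the attacker's bytes out of the program text entirely.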
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version that masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache Airflow are vulnerable to a Privilege Context Switching Error: the File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Affected Airflow versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration value (the Celery provider is the only community provider that currently has sensitive configuration). Migrate to Airflow 2.9 or, as a workaround, set "expose_config" to False. This is similar to, but different from, CVE-2023-46288, which concerned the API rather than the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables default allowing the testing of connections in UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability |
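The defect in the SMTP/IMAP entry above is an SSL context that negotiates TLS but accepts any certificate, which is exactly what a MITM needs. The following is an added illustration, not code from Airflow or its providers: the weak context beside a verifying one, a guard that a mail hook can evaluate before connecting, and two hypothetical wrapper functions (`open_imap`, `open_smtp`) that apply the guard; the wrappers are not exercised offline.

```python
import imaplib
import smtplib
import ssl
from typing import Optional


def unverified_context() -> ssl.SSLContext:
    """The weak pattern behind the advisory: TLS is negotiated, but any certificate is
    accepted, so a MITM can present its own certificate and read the mail credentials."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode may drop to CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verifying_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Hardened: system trust store (or a pinned CA bundle), hostname matching, TLS 1.2 or newer."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def verifies_peer(ctx: ssl.SSLContext) -> bool:
    """Guard to evaluate before a context is handed to any mail client."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def describe(ctx: ssl.SSLContext) -> dict:
    """Human-readable summary of the settings the guard depends on."""
    return {
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": bool(ctx.check_hostname),
        "minimum_version": ctx.minimum_version.name,
    }


def open_imap(host: str, ctx: ssl.SSLContext, port: int = 993) -> imaplib.IMAP4_SSL:
    """Hypothetical hook helper: refuse to dial out with a context that skips verification."""
    if not verifies_peer(ctx):
        raise ValueError("refusing IMAP connection: context does not verify the server certificate")
    return imaplib.IMAP4_SSL(host, port, ssl_context=ctx)


def open_smtp(host: str, ctx: ssl.SSLContext, port: int = 587) -> smtplib.SMTP:
    """Hypothetical hook helper for STARTTLS; same guard."""
    if not verifies_peer(ctx):
        raise ValueError("refusing SMTP connection: context does not verify the server certificate")
    client = smtplib.SMTP(host, port)
    client.starttls(context=ctx)
    return client
```

Note the ordering in `unverified_context`: Python refuses to set `verify_mode = CERT_NONE` while `check_hostname` is still `True`, so code that wants to disable verification has to disable both, which makes the pattern easy to grep for during review.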
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges / Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place: it allows code execution in the webserver context and bypasses the limits on which DAGs the user may access. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow version prior to 2.3.0 in case the Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that on Airflow 2.3.0+ with a lower version of the Spark Provider installed, you need to manually install Spark Provider 4.0.0 in order to get rid of the vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the admin has reset the user's password, up until the user's session expires. Other than manually cleaning the session database (for the database session backend), or changing the `[webserver] secret_key` and restarting the webserver (which logs out every other user as well), there was no mechanism to force-logout the user. With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secret key and restarting the webserver (logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. The documentation is also updated to explain this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
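Several entries on this page are the same leak in different clothing: the Databricks API key logged by its hook, secret Variables set via the CLI landing in the audit log, connection passwords and CLI-created user passwords in the Log table, and secrets printed into task logs. The fixes all amount to masking before the record reaches a handler. The block below is an added example of that approach and is not Airflow's own `SecretsMasker`; the `LogSecretsMasker` class, its regexes and the sample log lines are constructed for illustration. It masks known secret values outright and additionally catches three shapes in which secrets reach logs without being registered first: CLI flags, key/value or JSON fields, and userinfo in connection URIs.

```python
import io
import logging
import re

# Shapes in which secrets reach logs: `--password x`, `"password": "x"` / `password=x`,
# and `scheme://user:x@host`. Constructed for this example.
_CLI_FLAG = re.compile(r"(?i)(--?\w*(?:password|passwd|secret|token|api[_-]?key)\w*)(=|\s+)(\S+)")
_KEY_VALUE = re.compile(
    r"(?i)(['\"]?\b(?:password|passwd|secret|token|api[_-]?key|access[_-]?key)\w*['\"]?\s*[:=]\s*['\"]?)"
    r"([^\s'\",;}]+)"
)
_URI_USERINFO = re.compile(r"(://[^/:@\s]+:)([^@\s]+)@")


class LogSecretsMasker(logging.Filter):
    """Rewrites each record's rendered message before any handler sees it."""

    def __init__(self, secrets=()):
        super().__init__()
        self._secrets = set()
        for secret in secrets:
            self.add_secret(secret)

    def add_secret(self, secret):
        # Very short values would shred unrelated text ("1" -> "***" everywhere), so skip them.
        if isinstance(secret, str) and len(secret) >= 5:
            self._secrets.add(secret)

    def redact(self, text: str) -> str:
        # Known values first (longest first so a prefix secret cannot break a longer one).
        for secret in sorted(self._secrets, key=len, reverse=True):
            text = text.replace(secret, "***")
        text = _CLI_FLAG.sub(r"\1\2***", text)
        text = _KEY_VALUE.sub(r"\1***", text)
        text = _URI_USERINFO.sub(r"\1***@", text)
        return text

    def filter(self, record: logging.LogRecord) -> bool:
        # Interpolate %-args now, then mask the whole rendered string.
        record.msg = self.redact(record.getMessage())
        record.args = None
        return True


def masked_lines(messages, secrets=()):
    """Push messages through a logger carrying the masker; return the lines a handler emitted."""
    logger = logging.getLogger("airflow.task.masking_demo")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.handlers.clear()
    logger.filters.clear()
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(message)s"))
    logger.addHandler(handler)
    logger.addFilter(LogSecretsMasker(secrets))
    for message in messages:
        logger.info(message)
    return buf.getvalue().splitlines()


# Constructed sample lines mirroring the CLI / audit-log / connection cases on this page.
SAMPLE_LINES = [
    "cli: airflow users create --username bob --password hunter22 --role Admin",
    "cli: airflow variables set api_key 9f8e7d6c5b4a",
    'conn: extra={"password": "hunter22", "host": "db.internal"}',
    "conn: postgresql://airflow:hunter22@db.internal:5432/airflow",
    "status: the password field is required",
]
```

The last sample line is the false-positive check: a filter that turns every word after "password" into `***` is one that operators switch off, so the patterns only fire on flag, key/value and URI syntax. Pattern masking is a safety net; the reliable path is still to register secret values with the masker (here `secrets=[...]`) at the point where they are read from a Connection or Variable.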
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow version prior to 2.3.0 in case the Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that on Airflow 2.3.0+ with a lower version of the Hive Provider installed, you need to manually install Hive Provider 4.1.0 in order to get rid of the vulnerability. |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as it is recommended by Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources, specifically updating the connection, to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources, specifically updating the connection, to exploit it. Users should upgrade to version 2.6.3 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
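The two XCom entries above (the `enable_xcom_pickling=False` bypass fixed in 2.8.1 and the `deserialize` flag on `xcomEntries` disabled in 2.7.0) share one root cause: `pickle.loads` calls whatever callable the payload names, so any path that lets untrusted bytes reach it is code execution in the deserialising process. The block below is an added example and not Airflow's XCom code. It builds a constructed poisoned payload (using `eval` on a harmless string where a real payload would use `os.system`), shows a deserialiser that decides by configuration rather than by sniffing the payload, and adds a no-globals unpickler for deployments that cannot switch pickling off.

```python
import io
import json
import pickle


class XComPoison:
    """Pickle whose load step calls a function of the attacker's choosing. `eval` of a string
    literal is harmless here; the same shape with os.system runs commands in the worker."""

    def __reduce__(self):
        return (eval, ("'pickle executed'.upper()",))


POISONED = pickle.dumps(XComPoison())   # constructed payload for the demo
BENIGN_JSON = json.dumps({"rows_loaded": 42, "partitions": ["2024-01-01"]}).encode("utf-8")


def legacy_deserialize(raw: bytes):
    """The unsafe path: pickle.loads executes the payload's reduce hook."""
    return pickle.loads(raw)


def deserialize_xcom(raw: bytes, enable_xcom_pickling: bool = False):
    """Decide by *configuration*, never by inspecting the payload. With pickling disabled only
    JSON is accepted; anything else, pickle bytes included, is an error, not a fallback."""
    if enable_xcom_pickling:
        return legacy_deserialize(raw)
    try:
        return json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError) as exc:   # JSONDecodeError is a ValueError
        raise ValueError("XCom value is not JSON and pickling is disabled") from exc


class NoGlobalsUnpickler(pickle.Unpickler):
    """Defence in depth when pickling must stay on: refuse to resolve any global, so a payload
    can only rebuild plain data (dict/list/str/int ...), never call functions or classes."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed in XCom payloads")


def restricted_loads(raw: bytes):
    return NoGlobalsUnpickler(io.BytesIO(raw)).load()


def rejects(fn, raw: bytes) -> bool:
    """True if fn refuses the payload; lets the behaviour be checked without exceptions."""
    try:
        fn(raw)
    except (ValueError, pickle.UnpicklingError):
        return True
    return False
```

`NoGlobalsUnpickler` is the stdlib-documented "restricting globals" technique; an allow-list of specific safe classes in `find_class` is the usual next step, but the empty allow-list shown is the right starting point for data that only ever needs to be JSON-shaped.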
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and versions 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515, but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH release of the installed MINOR version, for example update to Python 3.6.13 if you are on Python 3.6 (those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
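Several entries on this page come down to a single setting in airflow.cfg: the unauthenticated experimental API (`[api] auth_backend`), the example DAGs with their recurring command-injection bugs (`[core] load_examples`), the configuration page (`[webserver] expose_config`), connection testing (`[core] test_connection`), XCom pickling (`[core] enable_xcom_pickling`), log-folder permissions (`[logging] file_task_handler_new_folder_permissions`) and the shared default session key described just above (`[webserver] secret_key`). The script below is an added audit helper, not part of Airflow: it parses a config file with the standard library and flags the weak values. The two sample configurations are constructed, the hardened `secret_key` is a placeholder, and `[api] auth_backend` is the 1.10-era key name (2.3+ deployments use `auth_backends`, which this script does not inspect).

```python
import configparser
from dataclasses import dataclass

# Constructed sample configurations (not taken from any real deployment).
WEAK_CFG = """
[core]
load_examples = True
enable_xcom_pickling = True
test_connection = Enabled

[api]
auth_backend = airflow.api.auth.backend.default

[webserver]
secret_key = temporary_key
expose_config = True

[logging]
file_task_handler_new_folder_permissions = 0o777
"""

HARDENED_CFG = """
[core]
load_examples = False
enable_xcom_pickling = False
test_connection = Disabled

[api]
auth_backend = airflow.api.auth.backend.deny_all

[webserver]
secret_key = 3f9c2b7e1d4a6f8b0c5e7a9d2b4f6e8c
expose_config = False

[logging]
file_task_handler_new_folder_permissions = 0o755
"""


@dataclass(frozen=True)
class Finding:
    section: str
    option: str
    value: str
    advice: str


def audit_airflow_cfg(text: str) -> list:
    """One Finding per weak setting. Fallbacks are the historical *insecure* defaults, so an
    option that is simply missing from the file is still reported."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    findings = []

    def value(section, option, fallback):
        return cfg.get(section, option, fallback=fallback).strip()

    def flag(section, option, advice):
        seen = cfg.get(section, option, fallback="<unset>").strip()
        findings.append(Finding(section, option, seen, advice))

    # Experimental API: the "default" backend answers every request unauthenticated (pre-1.10.11 default).
    if value("api", "auth_backend", "airflow.api.auth.backend.default") == "airflow.api.auth.backend.default":
        flag("api", "auth_backend", "experimental API accepts unauthenticated requests; set a real auth backend")

    # Shared default Flask secret: a session cookie minted on one site verifies on every other (pre-1.10.14).
    key = value("webserver", "secret_key", "temporary_key")
    if key == "temporary_key" or len(key) < 16:
        flag("webserver", "secret_key", "default or short secret_key; generate a random per-deployment value")

    # Example DAGs have repeatedly shipped command injection reachable by anyone allowed to trigger them.
    if cfg.getboolean("core", "load_examples", fallback=True):
        flag("core", "load_examples", "example DAGs are loaded; set load_examples = False")

    # Config page: True shows everything; non-sensitive-only still leaked provider secrets before 2.9.
    if value("webserver", "expose_config", "False").lower() in ("true", "non-sensitive-only"):
        flag("webserver", "expose_config", "configuration page is exposed to UI users; set False")

    # Pickled XComs execute code in whichever process deserialises them.
    if cfg.getboolean("core", "enable_xcom_pickling", fallback=False):
        flag("core", "enable_xcom_pickling", "XCom pickling runs code on load; set False")

    # Connection testing lets anyone with Connection edit rights make the webserver dial out (and DoS it).
    if value("core", "test_connection", "Disabled").lower() == "enabled":
        flag("core", "test_connection", "connection testing is enabled; set Disabled")

    # Newly created log folders must not be group/world writable (value is an octal literal).
    mode = int(value("logging", "file_task_handler_new_folder_permissions", "0o775"), 8)
    if mode & 0o022:
        flag("logging", "file_task_handler_new_folder_permissions",
             "new log folders are group/world writable; use 0o755 and run Airflow as a non-root user")

    return findings
```

Run it against the file Airflow actually loads (`AIRFLOW_HOME/airflow.cfg`, remembering that `AIRFLOW__SECTION__OPTION` environment variables override the file and are not visible to this parser), and treat `<unset>` findings as real: an absent option means the version-specific default applies, which for older releases is the weak value.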
apache-airflow | 1.9.0 | <2.9.1 |
show Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
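The provider command-injection entries (Pinot, Spark, Hive, Pig), the `run_id` issue in the example DAGs and the unsanitised `params` just above all have the same shape: a value the user controls is spliced into a shell command line. The block below is an added example and not code from any Airflow provider or example DAG. It runs a constructed payload through the vulnerable string form and through three safe forms; `printf` and `echo` stand in for the real hook's binary so the demonstration is harmless and offline.

```python
import shlex
import subprocess

# Constructed attacker-controlled value, e.g. a DAG-run conf param or a trigger-form field.
PAYLOAD = "2024-01-01'; echo INJECTED; echo '"


def run_vulnerable(partition: str) -> str:
    """BEFORE: the value is pasted into a shell string. The quote in PAYLOAD closes the literal
    and the remainder runs as further commands (a harmless echo here; the attacker's in a hook)."""
    cmd = f"printf '%s\\n' 'dt={partition}'"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True, check=True).stdout


def run_argv(partition: str) -> str:
    """AFTER (preferred): no shell at all; the value is one argv element and is never re-parsed."""
    argv = ["printf", "%s\n", f"dt={partition}"]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


def run_quoted(partition: str) -> str:
    """If a command *string* is unavoidable (templated bash, for instance), quote every untrusted
    fragment with shlex.quote so the shell sees a single word."""
    cmd = f"printf '%s\\n' {shlex.quote('dt=' + partition)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True, check=True).stdout


def run_positional(partition: str) -> str:
    """Shell features needed, data kept out of the script: pass the value as $1 and reference it
    double-quoted, so the script text is constant and the data can never become syntax."""
    argv = ["sh", "-c", 'printf "%s\\n" "dt=$1"', "sh", partition]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout
```

The argv form is the one to reach for in an operator or hook; the other two exist for the cases where a shell is part of the contract (a `bash_command` template), and even then the template should reference the parameter through the environment or `$1`, not interpolate it into the script text.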
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944, but the fix implemented in Airflow 1.10.12 did not fix the issue completely. |
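The open redirects in `/confirm` and `/login`, the three rounds of `origin` XSS fixes (CVE-2020-13944, CVE-2020-17515, CVE-2021-28359), the "Trigger DAG with config" `origin` XSS and the `javascript:` provider documentation link are all failures to validate a URL before redirecting to it or embedding it in markup. The block below is an added example and not Airflow's own validation code: a same-origin check that also rejects scheme-relative, backslash, control-character and `javascript:` targets, a fallback-returning wrapper, and an escaped link renderer for the `origin` case. `request_host` is assumed to be whatever the web framework reports as the request's Host (including port); the test inputs are constructed.

```python
import html
from urllib.parse import urlparse

SAFE_SCHEMES = ("http", "https")


def is_safe_redirect(target, request_host: str) -> bool:
    """True only for a relative path on this site or an absolute http(s) URL whose authority is ours."""
    if not isinstance(target, str) or not target.strip():
        return False
    # Browsers drop tabs/newlines inside "java\tscript:" before parsing; reject rather than normalise.
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in target):
        return False
    target = target.strip()
    # "\evil.example" and "/\evil.example" are treated as "//evil.example" by browsers.
    if target.startswith(("\\", "/\\")):
        return False
    parsed = urlparse(target)
    host = request_host.lower()
    if parsed.scheme:
        # Absolute URL: http(s) only and the authority must be exactly ours. This also rejects
        # "javascript:prompt(document.domain)" and "http:evil.example" (which parses with no netloc).
        return parsed.scheme.lower() in SAFE_SCHEMES and parsed.netloc.lower() == host
    # Scheme-relative "//evil.example/..." carries a netloc; a plain path carries none.
    return parsed.netloc == "" or parsed.netloc.lower() == host


def safe_redirect_target(target, request_host: str, fallback: str = "/home") -> str:
    """Return the target if it passes, otherwise a fixed landing page (never the raw input)."""
    return target.strip() if is_safe_redirect(target, request_host) else fallback


def render_origin_link(origin, request_host: str) -> str:
    """The "origin" case: validate first, then escape for the attribute context when embedding."""
    href = html.escape(safe_redirect_target(origin, request_host), quote=True)
    return '<a href="%s">Back</a>' % href
```

The two steps are independent and both are needed: validation stops the redirect and the `javascript:` URL, while attribute escaping stops a "safe" relative path such as `"><script>...` from breaking out of the `href`. Compare `netloc`, not `hostname`, so that userinfo tricks like `http://ours.example@evil.example/` fail the equality.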
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Affected Airflow versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables default allowing the testing of connections in UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context as well as bypassing the limitations on the access the user has to certain DAGs. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow Metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as it is recommended by Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if traceback is shown to unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected version of Apache-airflow are vulnerable to Privilege Context Switching Error. File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Airflow versions affected versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 which concerned API, not UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables default allowing the testing of connections in UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Spark Provider installed). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed). |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as it is recommended by Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions are affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiates arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions are affected by a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow affected versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A, where they log in normally, to access an unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for the `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return a "Cache-Control" header for dynamic content, which in the case of some browsers could result in sensitive data being stored in the browser's local cache. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944, but the fix implemented in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
Affected versions of Apache Airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leads to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
Affected versions of Apache Airflow allow authenticated Ops and Viewer users to view all information in audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default; they need to be explicitly granted permission to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
Affected Airflow versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag, which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache-airflow 2.7.0 disables by default the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows code execution in the webserver context and also allows bypassing the limitations on the access the user has to certain DAGs. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in the 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to rotate those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the password of the user has been reset by the admin, up until the expiry of the session of the user. Other than manually cleaning the session database (for the database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
A vulnerability in the Example DAGs of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of the "enable_xcom_pickling=False" configuration setting, resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI to craft a URL which could lead to unmasking the secret configuration of the task that would otherwise be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
Apache-airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 |
In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
Apache-airflow 1.10.0 fixes an XSS vulnerability in the Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and affects 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515, but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please review whether you have copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example, when they depended on past runs and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server that listens on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability for any file readable by the webserver process. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if traceback is shown to unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected version of Apache-airflow are vulnerable to Privilege Context Switching Error. File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Airflow versions affected versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 which concerned API, not UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables by default the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 | Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows code execution in the webserver context and also allows bypassing the limitation on which DAGs the user may access. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow version prior to 2.3.0 in case the Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 | Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 | In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 | Affected versions of Apache Airflow contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 | Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in the 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 | Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 | Affected versions of Apache Airflow have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs are not protected, it is recommended to rotate those secrets. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes. This could let them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 | A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the password of the user has been reset by the admin, up until the expiry of the user's session. Other than manually cleaning the session database (for the database session backend), or changing the secure_key and restarting the webserver, there was no mechanism to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 | Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 | In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 | A vulnerability in the Example DAGs of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, has a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of the "enable_xcom_pickling=False" configuration setting, resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/DAG in the UI to craft a URL which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow version prior to 2.3.0 in case the Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 | A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
cryptography | 2.2.2 | <42.0.0 | Cryptography starting from version 42.0.0 updates its CI configurations to use newer versions of BoringSSL or OpenSSL as a countermeasure to CVE-2023-5678. This vulnerability, affecting the package, could cause Denial of Service through specific DH key generation and verification functions when given overly long parameters. |
cryptography | 2.2.2 | >=0.8,<41.0.3 | Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for a Denial of Service vulnerability. https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2 https://www.openssl.org/news/secadv/20230719.txt |
cryptography | 2.2.2 | <3.3 | Cryptography 3.3 no longer allows loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing. https://github.com/pyca/cryptography/pull/5592 |
cryptography | 2.2.2 | >=0.8,<41.0.3 | Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for a Denial of Service vulnerability. https://github.com/pyca/cryptography/commit/b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d https://www.openssl.org/news/secadv/20230731.txt |
cryptography | 2.2.2 | <42.0.5 | Cryptography version 42.0.5 introduces a limit on the number of name constraint checks during X.509 path validation to prevent denial of service attacks. https://github.com/pyca/cryptography/commit/4be53bf20cc90cbac01f5f94c5d1aecc5289ba1f |
cryptography | 2.2.2 | <42.0.0 | Affected versions of Cryptography may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. |
cryptography | 2.2.2 | <41.0.2 | The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options. |
cryptography | 2.2.2 | >=1.9.0,<2.3 | A flaw was found in python-cryptography versions >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag, an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. See: CVE-2018-10903. |
cryptography | 2.2.2 | <42.0.2 | The cryptography library has updated its OpenSSL dependency in CI due to security concerns. This vulnerability arises when processing maliciously formatted PKCS12 files, which can cause OpenSSL to crash, leading to a potential Denial of Service (DoS) attack. PKCS12 files, often containing certificates and keys, may come from untrusted sources. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly handle these cases, resulting in a NULL pointer dereference and subsequent crash. Applications using OpenSSL APIs such as PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes(), and PKCS12_newpass() are vulnerable if they process PKCS12 files from untrusted sources. Although a similar issue in SMIME_write_PKCS7() was fixed, it is not considered significant for security as it pertains to data writing. This issue does not affect the FIPS modules in versions 3.2, 3.1, and 3.0. |
cryptography | 2.2.2 | >=0.8,<41.0.3 | Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for CVE-2023-2975: the AES-SIV implementation ignores empty associated data entries. https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2 https://www.openssl.org/news/secadv/20230714.txt |
cryptography | 2.2.2 | <39.0.1 | Cryptography 39.0.1 includes a fix for CVE-2022-3996, a DoS vulnerability affecting OpenSSL. https://github.com/pyca/cryptography/issues/7940 |
cryptography | 2.2.2 | <41.0.5 | Cryptography 41.0.5 updates Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.4, which includes a security fix. |
cryptography | 2.2.2 | <=3.2 | Cryptography 3.2 and prior are vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. |
cryptography | 2.2.2 | <41.0.0 | Cryptography 41.0.0 updates its dependency 'OpenSSL' to v3.1.1 to include a security fix. https://github.com/pyca/cryptography/commit/8708245ccdeaff21d65eea68a4f8d2a7c5949a22 |
cryptography | 2.2.2 | <41.0.4 | Cryptography 41.0.4 updates Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.3, which includes a security fix. https://github.com/pyca/cryptography/commit/fc11bce6930e591ce26a2317b31b9ce2b3e25512 |
apache-airflow | 1.9.0 | >=0,<2.5.1 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as it is recommended by Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions are affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiates arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions are affected by a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if traceback is shown to unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected version of Apache-airflow are vulnerable to Privilege Context Switching Error. File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Airflow versions affected versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 which concerned API, not UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables default allowing the testing of connections in UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Spark Provider installed). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the Apache Airflow Hive Provider allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow version prior to 2.3.0 in case the Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Airflow and the Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as it is recommended by Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources, specifically updating the connection, to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and versions 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please check that you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example, when they depended on past runs and the previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
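The cross-site session reuse described in this entry, as an added example that is not Airflow's code: it models a Flask-style signed session cookie (base64 payload plus an HMAC under the app's secret key; real Flask cookies also carry a timestamp and derive a salted key, which this simplification omits) and shows that a cookie minted on site A verifies on site B whenever both webservers run the same secret. The session dict and the site keys are constructed; `temporary_key` as the placeholder secret shipped in 1.10-era config templates is quoted from memory.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Placeholder secret that unconfigured 1.10 webservers shared (quoted from memory).
DEFAULT_KEY = "temporary_key"


def sign_session(secret_key: str, session: dict) -> str:
    """Serialize a session dict and sign it; the result is the cookie value."""
    payload = base64.urlsafe_b64encode(
        json.dumps(session, sort_keys=True).encode()
    ).decode().rstrip("=")
    mac = hmac.new(secret_key.encode(), payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{mac}"


def load_session(secret_key: str, cookie: str) -> Optional[dict]:
    """Return the session if the cookie's MAC verifies under *this* site's key, else None."""
    try:
        payload, mac = cookie.rsplit(".", 1)
    except ValueError:
        return None
    expected = hmac.new(secret_key.encode(), payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None
    padded = payload + "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def cross_site_replay(key_site_a: str, key_site_b: str) -> bool:
    """True if a session minted by site A is accepted by site B's webserver."""
    cookie_from_a = sign_session(key_site_a, {"user_id": 42, "_fresh": True})  # constructed session
    return load_session(key_site_b, cookie_from_a) is not None


def new_secret_key() -> str:
    """A per-deployment key for [webserver] secret_key; 1.10.14+ generates one itself."""
    return secrets.token_urlsafe(32)


if __name__ == "__main__":
    # Two unrelated deployments that both left the placeholder in place:
    print("default key on both sites, replay accepted:", cross_site_replay(DEFAULT_KEY, DEFAULT_KEY))
    # The same two deployments once each has its own random key:
    print("distinct keys, replay accepted:", cross_site_replay(new_secret_key(), new_secret_key()))
```

The check to run against a deployment is the first line of the main block: if two Airflow instances accept each other's session cookies, they share a secret. Rotating `secret_key` also logs everybody out, which is the only lever the securecookie backend offers (see the session-fixation entry further down).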
apache-airflow | 1.9.0 | <2.9.1 |
show Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944, whose fix in Airflow 1.10.12 did not address the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version that masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewer users to view all information in audit logs, including DAG names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default; they need to be explicitly granted permission to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Affected Airflow versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
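The two permission entries above (the log handler forcing `file_task_handler_new_folder_permissions` onto every parent of the log directory, and the `--daemon` umask leaving world-writable files) both come down to a directory or file that group or world can write. The following is an added example, not Airflow's FileTaskHandler: it models the flawed handler that chmods every parent of the log folder (bounded here to the temp tree so the demo cannot touch `/` or `/home`, a bound the real code lacked), the fixed handler that only creates the missing directories, and the check sshd effectively performs on `$HOME`. All paths are constructed under a temporary directory.

```python
import os
import stat
import tempfile
from pathlib import Path


def make_log_dir_flawed(log_dir: Path, mode: int, stop_at: Path) -> None:
    """Create log_dir, then force `mode` on it and on every parent up to stop_at.

    This is the pre-2.8.4 behaviour: pre-existing parents such as $HOME get the mode too.
    The stop_at bound exists only to keep this demo inside the temp tree.
    """
    assert stop_at in log_dir.parents, "stop_at must be an ancestor of log_dir"
    log_dir.mkdir(parents=True, exist_ok=True)
    for directory in [log_dir, *log_dir.parents]:
        os.chmod(directory, mode)
        if directory == stop_at:
            break


def make_log_dir_fixed(log_dir: Path, mode: int, stop_at: Path) -> None:
    """Create only the directories that do not exist yet, each with `mode`; parents are untouched."""
    missing = []
    current = log_dir
    while not current.exists():
        missing.append(current)
        current = current.parent
    for directory in reversed(missing):
        directory.mkdir()
        os.chmod(directory, mode)  # explicit, so the process umask cannot widen or narrow it


def writable_by_group_or_world(path: Path) -> bool:
    """The property sshd refuses on $HOME, and that lets other local users tamper with logs."""
    return bool(path.stat().st_mode & (stat.S_IWGRP | stat.S_IWOTH))


def simulate(handler, folder_mode: int) -> dict:
    """Run `handler` on home/logs/dag_id/run_id inside a fresh temp tree and report what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp) / "home"
        home.mkdir()
        os.chmod(home, 0o700)  # a typical private home directory (constructed)
        log_dir = home / "logs" / "dag_id" / "run_id"
        handler(log_dir, folder_mode, home)
        return {
            "home_writable_by_others": writable_by_group_or_world(home),
            "log_dir_writable_by_others": writable_by_group_or_world(log_dir),
        }


if __name__ == "__main__":
    print("flawed handler, 0o775:", simulate(make_log_dir_flawed, 0o775))  # $HOME becomes group-writable
    print("fixed handler,  0o775:", simulate(make_log_dir_fixed, 0o775))   # $HOME intact, log dir still group-writable
    print("fixed handler,  0o755:", simulate(make_log_dir_fixed, 0o755))   # the mode the advisory recommends
```

`writable_by_group_or_world` is also the predicate to walk over `$AIRFLOW_HOME` after running components with `--daemon` on a release before 2.3.4: anything it flags was created under the insecure umask and should have its mode reset.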
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables, by default, testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
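Several entries in this table are closed by a configuration value rather than only by an upgrade: example DAGs (`load_examples`), XCom pickling, connection testing (this entry), the `expose_config` page, the default `secret_key`, the permissive experimental-API auth backend, and the log folder mode. The audit below is an added example, not an Airflow tool; it only reads an `airflow.cfg` text. The two config fragments are constructed, one with every setting left open and one with each closed. Section and key names are Airflow 2.x's (`[core] load_examples`, `[core] enable_xcom_pickling`, `[core] test_connection`, `[api] auth_backends`, `[webserver] expose_config`, `[webserver] secret_key`, `[logging] file_task_handler_new_folder_permissions`); the 1.10-era `auth_backend` key, the `temporary_key` placeholder and the 0o775 folder default are quoted from memory.

```python
import configparser
from typing import List

# Constructed airflow.cfg fragments: every setting these entries warn about left open...
WEAK_CFG = """\
[core]
load_examples = True
enable_xcom_pickling = True
test_connection = Enabled

[api]
auth_backends = airflow.api.auth.backend.default

[webserver]
secret_key = temporary_key
expose_config = non-sensitive-only

[logging]
file_task_handler_new_folder_permissions = 0o775
"""

# ...and each one closed.
HARDENED_CFG = """\
[core]
load_examples = False
enable_xcom_pickling = False
test_connection = Disabled

[api]
auth_backends = airflow.api.auth.backend.session

[webserver]
# constructed value; generate a real one with: python -c "import secrets; print(secrets.token_urlsafe(32))"
secret_key = 3f9c0e7b2d4a8f6e1c5b7a9d0e2f4c6a8b1d3e5f7a9c0b2d
expose_config = False

[logging]
file_task_handler_new_folder_permissions = 0o755
"""

PLACEHOLDER_SECRETS = {"", "temporary_key", "changeme", "secret", "airflow"}  # constructed list
PERMISSIVE_API_BACKEND = "airflow.api.auth.backend.default"  # accepts every request unauthenticated


def audit_airflow_cfg(cfg_text: str) -> List[str]:
    """Return one finding per weak setting; an empty list means nothing in scope was found."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(cfg_text)
    findings = []

    if cfg.getboolean("core", "load_examples", fallback=False):
        findings.append("core.load_examples=True: example DAGs have repeatedly carried command injection; set False")

    if cfg.getboolean("core", "enable_xcom_pickling", fallback=False):
        findings.append("core.enable_xcom_pickling=True: XCom rows are unpickled, so a DAG author controls what runs")

    if cfg.get("core", "test_connection", fallback="Disabled").strip().lower() == "enabled":
        findings.append("core.test_connection=Enabled: connection testing in UI/API/CLI is re-enabled")

    # 2.x key first, then the 1.10 key. On 1.10 an absent key also meant the permissive backend.
    backends = cfg.get("api", "auth_backends", fallback=cfg.get("api", "auth_backend", fallback=""))
    if PERMISSIVE_API_BACKEND in backends:
        findings.append("api.auth_backends includes the permissive default backend: API accepts unauthenticated calls")

    key = cfg.get("webserver", "secret_key", fallback="").strip()
    if key.lower() in PLACEHOLDER_SECRETS or len(key) < 32:
        findings.append("webserver.secret_key is unset, a placeholder or short: sessions are valid across instances")

    expose = cfg.get("webserver", "expose_config", fallback="False").strip().lower()
    if expose != "false":
        findings.append(f"webserver.expose_config={expose}: configuration page can reveal provider secrets before 2.9")

    # Absent key falls back to the 0o775 default that 2.8.3 and earlier applied to parent folders.
    perms = cfg.get("logging", "file_task_handler_new_folder_permissions", fallback="0o775").strip()
    if int(perms, 8) & 0o022:
        findings.append(f"logging.file_task_handler_new_folder_permissions={perms}: group/world-writable log dirs; use 0o755")

    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CFG), ("hardened", HARDENED_CFG)):
        print(name, audit_airflow_cfg(text) or ["no findings"])
```

Run it on the file the scheduler and webserver actually load (`airflow config get-value` style overrides through `AIRFLOW__SECTION__KEY` environment variables are not visible to it, so check those separately).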
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
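The XCom pickling bypass, the `xcomEntries` `deserialize` flag and this broker deserialization entry are the same bug seen from three places: unpickling runs whatever callable the bytes name. The following is an added example, not Airflow's or Celery's code: it builds a poisoned row, shows the three loaders a deployment could apply to it (plain `pickle.loads`, JSON only, and a pickle loader that refuses every global lookup), and what each does. The XCom value is constructed and the stored call is a harmless `eval` of a constant expression so the demo is safe to run; an attacker would name `os.system` instead.

```python
import io
import json
import pickle
from typing import Any


class Poison:
    """A value that, once pickled, instructs the unpickler to call a function the author chose."""

    def __reduce__(self):
        # Harmless stand-in for the attacker's call (constructed).
        return (eval, ("'attacker expression ran: ' + str(6 * 7)",))


def poisoned_xcom_row() -> bytes:
    """What a DAG author (or anyone who can write the XCom table or the broker) can store."""
    return pickle.dumps(Poison())


def plain_pickle_row(value: Any) -> bytes:
    """A legitimate pickled container, for comparison with the poisoned one."""
    return pickle.dumps(value)


def json_xcom_row(value: Any) -> bytes:
    """The same row when pickling is off."""
    return json.dumps(value).encode("utf-8")


def load_with_pickle(raw: bytes) -> Any:
    """The pre-2.8.1 / deserialize=true / pickle-serializer path: loads() runs the stored call."""
    return pickle.loads(raw)


def load_json_only(raw: bytes) -> Any:
    """Hardened path: the bytes are parsed as JSON or rejected; nothing is ever executed."""
    return json.loads(raw.decode("utf-8"))


class NoGlobalsUnpickler(pickle.Unpickler):
    """If pickle cannot be avoided, refuse every global lookup; plain containers still load."""

    def find_class(self, module: str, name: str) -> Any:
        raise pickle.UnpicklingError(f"refusing to import {module}.{name}")


def load_pickle_restricted(raw: bytes) -> Any:
    return NoGlobalsUnpickler(io.BytesIO(raw)).load()


def classify(raw: bytes) -> dict:
    """Feed one stored row through all three loaders and record what each one did."""
    results = {}
    loaders = (("pickle", load_with_pickle), ("json", load_json_only), ("restricted", load_pickle_restricted))
    for label, loader in loaders:
        try:
            results[label] = loader(raw)
        except (pickle.UnpicklingError, EOFError, ValueError) as exc:  # UnicodeDecodeError/JSONDecodeError are ValueErrors
            results[label] = f"rejected: {type(exc).__name__}"
    return results


if __name__ == "__main__":
    print("poisoned row: ", classify(poisoned_xcom_row()))
    print("plain JSON row:", classify(json_xcom_row({"rows": 3})))
```

The restricted unpickler is the fallback for data you cannot re-serialize, not a substitute for turning pickling off: it still parses attacker-controlled opcodes, it only stops them from reaching `import`.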
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by an improper certificate validation vulnerability. The default SSL context did not check the server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context as well as bypassing limitations on the access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the Apache Airflow Spark Provider allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow version prior to 2.3.0 in case the Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
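The `origin` XSS entries (1.10.12 through 1.10.15, 2.0.2, 2.2.4 and 2.4.2), the `/confirm` and `/login` open redirects, and the `javascript:` provider-link entry all take a URL-shaped parameter and hand it back to the browser. The validator below is an added example, not Airflow's own `get_safe_url`: it keeps only a same-origin path (plus query) and sends anything else to a fallback, including protocol-relative `//host` forms, non-HTTP schemes such as `javascript:`, and backslashes or control characters that browsers reinterpret. The base URL and the inputs in the main block are constructed.

```python
from urllib.parse import urljoin, urlsplit


def safe_redirect_target(base_url: str, candidate: str, fallback: str = "/") -> str:
    """Reduce `candidate` to a same-origin path (plus query) under base_url, else return `fallback`."""
    if not candidate:
        return fallback
    if any(ch in candidate for ch in "\\\r\n\t\x00"):
        return fallback  # a browser turns "/\\evil.example" into "//evil.example"
    if candidate.lstrip().lower().startswith(("javascript:", "data:", "vbscript:")):
        return fallback  # checked before urljoin so a leading space cannot hide the scheme
    base = urlsplit(base_url)
    # "/home" and "home" resolve against the app root; "//x" and "https://x" keep their own host.
    target = urlsplit(urljoin(base_url, candidate))
    if target.scheme.lower() not in ("http", "https"):
        return fallback
    if (target.scheme.lower(), target.netloc.lower()) != (base.scheme.lower(), base.netloc.lower()):
        return fallback  # foreign host, a different port, or user@host tricks
    path = target.path or "/"
    return f"{path}?{target.query}" if target.query else path


if __name__ == "__main__":
    BASE = "https://airflow.example.com/"  # constructed deployment URL
    for origin in ("/home?dag=x", "home", "javascript:prompt(document.domain)",
                   "//evil.example/phish", "https://evil.example/phish", "/\\evil.example",
                   "https://airflow.example.com/dags"):
        print(f"{origin!r:42} -> {safe_redirect_target(BASE, origin)!r}")
```

The returned value is still untrusted text: when it is written back into HTML or a script, as the `origin` reflections above were, it must be escaped for that context. This function only bounds where the browser can be sent.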
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the password of the user has been reset by the admin, up until the expiry of the session of the user. Other than manually cleaning the session database (for the database session backend), or changing the `[webserver] secret_key` and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secret key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in the Example DAGs of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case the Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes an XSS vulnerability in the Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and versions 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515, but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please check that you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return a "Cache-Control" header for dynamic content, which in the case of some browsers could result in sensitive data being stored in the browser's local cache. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leads to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewer users to view all information in audit logs, including DAG names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default; they need to be explicitly granted permission to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Affected versions of Airflow have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables, by default, the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context and bypassing the limitations on which DAGs the user may access. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case the Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow Metadatabase. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
A vulnerability in Example DAGs of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
Apache-airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 |
In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow affected versions are affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow affected versions are affected by a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please check that you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example, when they depended on past instances and the previous instance of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow affected versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return a "Cache-Control" header for dynamic content, which in the case of some browsers could result in potentially storing sensitive data in the browser's local cache. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version that masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
Affected versions of Apache-airflow are vulnerable to Privilege Context Switching Error. File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leads to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
Affected Airflow versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache-airflow 2.7.0 disables, by default, the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows code execution in the webserver context and bypasses the limitations on which DAGs the user may access. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
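
The row above is about import order: whatever directory sits on `sys.path` when an optional module is imported can supply that module. The following added example (not code from the page or from the Airflow project) reproduces both initialization orders with throwaway temp directories. `demo_local_settings` is a hypothetical module name standing in for Airflow's optional `airflow_local_settings`, chosen so the demo cannot collide with a real installation; the folder layout is constructed for the demo.

```python
import importlib
import os
import sys
import tempfile

# Hypothetical module name standing in for Airflow's optional airflow_local_settings;
# a distinct name is used so the demo cannot collide with a real installation.
MODULE = "demo_local_settings"


def _write(path, text):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)


def build_env(trusted_settings):
    """Constructed layout: a config folder (optionally holding the real settings module)
    and a DAGS_FOLDER where a DAG author has dropped a same-named module."""
    root = tempfile.mkdtemp(prefix="airflow-syspath-demo-")
    config_folder = os.path.join(root, "config")
    dags_folder = os.path.join(root, "dags")
    os.makedirs(config_folder)
    if trusted_settings:
        _write(os.path.join(config_folder, MODULE + ".py"), "SOURCE = 'trusted config folder'\n")
    _write(os.path.join(dags_folder, MODULE + ".py"), "SOURCE = 'DAGS_FOLDER'\n")
    return config_folder, dags_folder


def import_local_settings(config_folder, dags_folder, dags_folder_before_import):
    """Emulate the two initialization orders.  Returns the SOURCE attribute of the module
    that was imported, or None when no local settings module was found (the normal
    'no local settings' fallback).  sys.path and sys.modules are restored afterwards."""
    saved_path = list(sys.path)
    sys.modules.pop(MODULE, None)
    importlib.invalidate_caches()
    try:
        sys.path.append(config_folder)
        if dags_folder_before_import:
            sys.path.append(dags_folder)      # pre-fix: DAGS_FOLDER already importable
        try:
            source = importlib.import_module(MODULE).SOURCE
        except ImportError:
            source = None
        if not dags_folder_before_import:
            sys.path.append(dags_folder)      # fixed order: only after settings are loaded
        return source
    finally:
        sys.path[:] = saved_path
        sys.modules.pop(MODULE, None)


if __name__ == "__main__":
    cfg, dags = build_env(trusted_settings=False)
    print("pre-fix order :", import_local_settings(cfg, dags, True))   # module from DAGS_FOLDER
    print("fixed order   :", import_local_settings(cfg, dags, False))  # None
```

The dangerous case is the one where no trusted settings module exists at all: with the old order the DAG author's file is the only candidate and is executed at scheduler and webserver startup, not inside a task. With the fixed order the import happens before DAGS_FOLDER is on the path, so the same file is never considered.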
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the password of the user has been reset by the admin, up until the expiry of the user's session. Other than manually cleaning the session database (for the database session backend), or changing `[webserver] secret_key` and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secret key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password was logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Hive Provider version 4.1.0 to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
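
The `deserialize` row above and the earlier `enable_xcom_pickling` bypass row both come down to the same mechanism: unpickling is code execution, because a pickle stream may name any importable callable and have it invoked with attacker-chosen arguments. The following added example (not code from the page or from Airflow) builds such a payload and contrasts `pickle.loads` with an unpickler that refuses to resolve globals and with a JSON-only path. `PoisonedXCom`, `RestrictedUnpickler` and the payloads are constructed for the demo; `os.path.join` stands in for the gadget an attacker would choose.

```python
import io
import json
import os
import pickle


class PoisonedXCom:
    """Constructed stand-in for a crafted pickled XCom value.  Unpickling it does not
    rebuild an object: it calls whatever callable __reduce__ names.  os.path.join is a
    harmless placeholder for the gadget an attacker would pick."""

    def __reduce__(self):
        return (os.path.join, ("pwned", "marker"))


def poisoned_payload():
    return pickle.dumps(PoisonedXCom())


def benign_payload():
    return pickle.dumps({"rows": 3, "ids": [1, 2, 3]})


def unsafe_load(blob):
    """What 'deserialize=true' amounts to when pickled XCom values are accepted."""
    return pickle.loads(blob)


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse to resolve any global.  Plain containers and scalars are rebuilt from
    opcodes without a find_class call, so they still load; any reference to a
    callable aborts deserialization before it can be invoked."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def restricted_load(blob):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def json_roundtrip(value):
    """The JSON-only path: nothing executable can be expressed in the wire format."""
    return json.loads(json.dumps(value))


if __name__ == "__main__":
    print("pickle.loads ran the gadget:", unsafe_load(poisoned_payload()))
    try:
        restricted_load(poisoned_payload())
    except pickle.UnpicklingError as exc:
        print("restricted unpickler:", exc)
    print("json only:", json_roundtrip({"rows": 3}))
```

A restricted unpickler is a containment measure for data you already have on disk; for new data the JSON-only path is the right default, which is why the deserialize flag is off by default from 2.7.0.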
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 and CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
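
The row above and the earlier session-fixation row are two consequences of one design: a session cookie is only as site-specific as the key that signs it. A key shared between deployments makes every deployment accept the others' sessions; rotating the key is the only force-logout lever for a cookie-based session store. The following added example (not code from the page or from Airflow) models that with a minimal HMAC-over-JSON cookie. It is a simplified stand-in for the Flask/itsdangerous signing Airflow actually uses, not its real cookie format; `PLACEHOLDER_KEY` is a constructed value.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed stand-in for a placeholder key left at its shipped value on two deployments.
PLACEHOLDER_KEY = "changeme"


def generate_secret_key():
    """Per-deployment random key: 32 bytes from the OS CSPRNG, URL-safe encoded."""
    return secrets.token_urlsafe(32)


def sign_session(secret_key, payload):
    """Serialize the session payload and append an HMAC-SHA256 tag under secret_key."""
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
    tag = hmac.new(secret_key.encode(), body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def load_session(secret_key, cookie):
    """Return the session payload if the cookie was signed with secret_key, else None."""
    body, sep, tag = cookie.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(secret_key.encode(), body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(body))


def cross_site_replay(site_a_key, site_b_key):
    """A user logs in on site A and presents that cookie to site B."""
    cookie = sign_session(site_a_key, {"user": "alice", "site": "A"})
    return load_session(site_b_key, cookie)


if __name__ == "__main__":
    print("same placeholder key on both sites:", cross_site_replay(PLACEHOLDER_KEY, PLACEHOLDER_KEY))
    print("distinct per-site keys            :", cross_site_replay(PLACEHOLDER_KEY, generate_secret_key()))
```

The same `load_session` call is what happens after an admin rotates the key: every cookie signed under the old key returns `None`, which is the force-logout behaviour the session-fixation row describes for the securecookie backend (and why it logs out all other users too).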
apache-airflow | 1.9.0 | <2.9.1 |
show Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to Airflow 2.10.3 or later, which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache Airflow are vulnerable to a Privilege Context Switching Error: the File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
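
Several rows on this page (the `run_id` example-DAG row, the unsanitized-params example-DAG row, and the CVE-2020-11978 row above) share one root cause: a value an authenticated user controls is rendered into a shell command string, so shell metacharacters in it become part of the command. The following added example (not code from the page or from Airflow's example DAGs) runs the vulnerable pattern beside the hardened one, both through `sh -c` the way a bash task is executed. `run_shell`, `vulnerable_task`, `hardened_task` and the `RUN_ID_RE` allow-list are constructed for the demo; the allow-list is this example's own choice, not Airflow's `run_id` rules.

```python
import os
import re
import subprocess


def run_shell(command, env=None):
    """Execute a command the way a bash task does: handed to `sh -c` as one string."""
    merged = {**os.environ, **(env or {})}
    result = subprocess.run(["sh", "-c", command], capture_output=True, text=True,
                            env=merged, check=False)
    return result.stdout


def vulnerable_task(run_id):
    """Pre-fix example-DAG pattern: the user-supplied value is rendered straight into the
    command string, so `; echo INJECTED` in it is executed as a second command."""
    return run_shell(f"echo run_id={run_id}")


def hardened_task(run_id):
    """The value reaches the shell only as an environment variable and is expanded inside
    double quotes, so the shell never parses it as command syntax."""
    return run_shell('echo "run_id=$RUN_ID"', env={"RUN_ID": run_id})


# Allow-list chosen for this demo (not Airflow's own run_id rules): reject anything that
# could be meaningful to a shell or a template engine before the value is used at all.
RUN_ID_RE = re.compile(r"^[A-Za-z0-9_.:+-]{1,250}$")


def validate_run_id(run_id):
    return bool(RUN_ID_RE.fullmatch(run_id))


if __name__ == "__main__":
    evil = "manual__2024; echo INJECTED"
    print("vulnerable:", repr(vulnerable_task(evil)))   # two lines: the echo and INJECTED
    print("hardened  :", repr(hardened_task(evil)))     # one line, the raw string
    print("validated :", validate_run_id(evil))         # False
```

Passing the value through the environment is what makes the hardened form safe, not the quoting alone: the string is never concatenated into the command, so there is nothing for the shell to tokenize. The allow-list is defence in depth for the template layer, which runs before the shell sees anything.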
apache-airflow | 1.9.0 | <2.9 |
show Affected Airflow versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
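
The umask row above and the earlier `file_task_handler_new_folder_permissions` row are both about how the mode of a created log file or directory is decided: by the process umask for files, and by whatever explicit `chmod` the handler applies for directories, including ancestors it did not create. The following added example (not code from the page or from Airflow's `FileTaskHandler`) shows a simplified version of the pre-2.8.4 ancestor-chmod behaviour beside the fixed create-only behaviour, and the file modes that result from two umasks. `broken_create_log_dir`, `create_log_dir`, `write_log_with_umask` and the temp "home" directory are constructed for the demo; it assumes a POSIX filesystem that honours mode bits.

```python
import os
import stat
import tempfile


def mode_of(path):
    return stat.S_IMODE(os.stat(path).st_mode)


def broken_create_log_dir(base, parts, folder_mode=0o777):
    """Pre-2.8.4 behaviour, simplified: after creating the nested log directory, apply
    folder_mode to every ancestor up to and including `base`, whether or not this call
    created it.  With 0o777 a pre-existing home directory becomes world-writable."""
    path = os.path.join(base, *parts)
    os.makedirs(path, exist_ok=True)
    cursor = path
    while True:
        os.chmod(cursor, folder_mode)
        if cursor == base:
            break
        cursor = os.path.dirname(cursor)
    return path


def create_log_dir(base, parts, folder_mode=0o755):
    """Fixed behaviour: folder_mode is applied only to directories this call creates;
    pre-existing ancestors keep whatever mode their owner gave them."""
    path = base
    for part in parts:
        path = os.path.join(path, part)
        if not os.path.isdir(path):
            os.mkdir(path)
            os.chmod(path, folder_mode)
    return path


def write_log_with_umask(path, umask):
    """Create a file under the given umask and return the mode it ended up with.
    Files are created 0o666 & ~umask, so umask 0 (the --daemon case) gives 0o666."""
    old = os.umask(umask)
    try:
        with open(path, "w") as fh:
            fh.write("task log line\n")
    finally:
        os.umask(old)
    return mode_of(path)


def fresh_home():
    """Constructed stand-in for a user's home directory (0o700) holding the logs tree."""
    home = tempfile.mkdtemp(prefix="airflow-home-demo-")
    os.chmod(home, 0o700)
    return home


if __name__ == "__main__":
    home = fresh_home()
    broken_create_log_dir(home, ["logs", "dag_a", "run_1"])
    print("broken: home is now", oct(mode_of(home)))            # 0o777
    home = fresh_home()
    leaf = create_log_dir(home, ["logs", "dag_a", "run_1"])
    print("fixed : home stays", oct(mode_of(home)), "leaf", oct(mode_of(leaf)))
    print("umask 0o027 ->", oct(write_log_with_umask(os.path.join(leaf, "a.log"), 0o027)))
    print("umask 0o000 ->", oct(write_log_with_umask(os.path.join(leaf, "b.log"), 0o000)))
```

A world-writable `~` is also why the 2.8.4 row mentions SSH: `sshd` refuses key-based logins when the home directory or `~/.ssh` is group- or world-writable. The umask check is the one to run against any daemonized component, since a file created 0o666 in the Airflow home is exactly what the race in the row above exposes through the webserver.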
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables connection testing in the UI, API and CLI by default for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context used with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
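
The row above describes a client TLS context that never validated the peer. The following added example (not code from the page or from the SMTP/IMAP providers) builds a context equivalent to that behaviour beside a verifying one, and gates the SMTPS connection on a check of the two attributes that matter: `verify_mode` and `check_hostname`. `legacy_context`, `hardened_context`, `validates_peer` and `open_smtp` are constructed for the demo; `open_smtp` is never called in the self-test because it needs a reachable mail server.

```python
import smtplib
import ssl


def legacy_context():
    """Pattern equivalent to the pre-fix behaviour: a client context that accepts any
    certificate, so a MITM presenting a self-signed certificate sees the credentials."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context():
    """Verifies the chain against the system CA store and checks the hostname."""
    return ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)


def validates_peer(ctx):
    """True only if the context would reject an untrusted or mis-named certificate."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def open_smtp(host, port=465, ctx=None):
    """Connect to an SMTPS server, refusing any context that skips validation.
    (Not exercised in the self-test: it needs a reachable mail server.)"""
    ctx = ctx or hardened_context()
    if not validates_peer(ctx):
        raise ValueError("refusing to connect with a context that skips certificate validation")
    return smtplib.SMTP_SSL(host, port, context=ctx)


if __name__ == "__main__":
    print("legacy context validates peer  :", validates_peer(legacy_context()))    # False
    print("hardened context validates peer:", validates_peer(hardened_context()))  # True
```

The same gate applies to `imaplib.IMAP4_SSL(..., ssl_context=ctx)` and to `smtplib.SMTP.starttls(context=ctx)`: whatever builds the context, assert `validates_peer` on it before the first byte of credentials is sent.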
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the Apache Airflow Spark Provider allows an attacker to read arbitrary files in the task execution context without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also affects any Apache Airflow version prior to 2.3.0 on which the Spark Provider is installed (Spark Provider 4.0.0 can only be installed on Airflow 2.3.0+). Note that on an Airflow 2.3.0+ installation that still has an older Spark Provider, you need to manually install Spark Provider 4.0.0 to remove the vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.5 | Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. The operator encouraged users to put their API key into a connection's "extra" field, which the Databricks hook then logged, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 | In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 | Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before local settings were imported, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorders the initialization sequence so that DAGS_FOLDER is added to sys.path only after local settings are imported, which mitigates the risk of unintended code execution during startup. Users are strongly advised to update to a version incorporating this fix, especially in environments where write access to DAGS_FOLDER is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 | Apache Airflow 2.1.1 updates NPM dependencies to fix a vulnerability in the 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 | Apache Airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 | Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs: DAG authors could unintentionally or intentionally log such variables, enabling unauthorized users with log access to read critical data and potentially compromise the deployment. Secrets are now masked in task logs to prevent this exposure. If secret values may already have been logged and the logs are not protected, rotate those secrets. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated, DAG-view authorized users to modify some DAG run detail values when submitting notes, such as configuration parameters or the start date. Users should upgrade to version 2.7.1 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache Airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration and is therefore affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 | A session fixation vulnerability allows authenticated users to keep accessing the Airflow webserver after an admin has reset their password, until their session expires. Other than manually cleaning the session database (for the database session backend) or changing the secret_key and restarting the webserver (which logs out every user), there was no mechanism to force-logout the user. With this fix, when the database session backend is used, the user's existing sessions are invalidated when their password is reset. When the securecookie session backend is used, sessions are NOT invalidated and changing the secret key and restarting the webserver (logging out all other users) is still required, but the user resetting the password is informed of this with a flash message warning in the UI. Documentation is also updated to explain this behavior. |
apache-airflow | 1.9.0 | <2.7.2 | Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that gives them write access to various DAG resources for DAGs they have no access to, enabling them to clear DAGs they shouldn't. Users are strongly advised to upgrade to version 2.7.2 or newer. |
apache-airflow | 1.9.0 | >=0,<1.10.13 | In Airflow versions prior to 1.10.13, when a user was created with the airflow CLI, the password was logged in plain text in the Log table of the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 | A vulnerability in the example DAGs of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache Airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration and is therefore affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache Airflow 2.3.2 and prior versions ship with a vulnerable dependency (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that gives them write access to various DAG resources for DAGs they have no access to, enabling them to clear DAGs they shouldn't. This is a missing part of the fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users are strongly advised to upgrade to version 2.8.0 or newer. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, has a vulnerability that allows a potential attacker to poison XCom data by bypassing the protection of the "enable_xcom_pickling=False" configuration setting, resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who can see a task/DAG in the UI to craft a URL that unmasks the task's secret configuration, which would otherwise be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the Apache Airflow Hive Provider allows an attacker to execute arbitrary commands in the task execution context without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also affects any Apache Airflow version prior to 2.3.0 on which the Hive Provider is installed (Hive Provider 4.1.0 can only be installed on Airflow 2.3.0+). Note that on an Airflow 2.3.0+ installation that still has an older Hive Provider, you need to manually install Hive Provider 4.1.0 to remove the vulnerability. |
apache-airflow | 1.9.0 | <2.7.2 | A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all DAGs, including those they are not permitted to see. The exposure includes DAG IDs and stack traces from import errors. This affects versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Airflow and the Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 | Apache Airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 | Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 | Apache Airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 | Apache Airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 | In Apache Airflow < 1.10.12, the "origin" parameter passed to some endpoints such as '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow affected versions are affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache Airflow before 2.0.0b1 bundles the code for the JDBC provider integration and is therefore affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 | In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache Airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration and is therefore affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the Apache Airflow Pig Provider allows an attacker to control commands executed in the task execution context without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also affects any Apache Airflow version prior to 2.3.0 on which the Pig Provider is installed (Pig Provider 4.0.0 can only be installed on Airflow 2.3.0+). Note that on an Airflow 2.3.0+ installation you need to manually install Pig Provider 4.0.0 to remove the vulnerability. |
apache-airflow | 1.9.0 | <1.10.0 | Apache Airflow 1.10.0 fixes an XSS vulnerability in the Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 | The task instance details page in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 | Apache Airflow 1.10.3 raises its minimum 'gunicorn' requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 | Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, has a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache Airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration and is therefore affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 | Apache Airflow 2.2.5 includes a fix for a race condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow affected versions are affected by a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 | Apache Airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: the "origin" parameter passed to some endpoints such as '/trigger' was vulnerable to XSS. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and 2.0.0 and 2.0.1 in the 2.x series. This is the same issue as CVE-2020-13944 and CVE-2020-17515, but the earlier fixes did not resolve it completely. Update to Airflow 1.10.15 or 2.0.2. Also update your Python interpreter to the latest PATCH release of the installed MINOR version (for example Python 3.6.13 if you are on 3.6), as those releases contain the fix for CVE-2021-23336 (https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache Airflow before 2.0.0b1 bundles the code for the Amazon provider integration and is therefore affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 | Apache Airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. Many of the admin management screens in the new RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 | The example DAG example_inlet_event_extra.py shipped with Apache Airflow 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base for your own DAGs, review them to make sure you have not copied the dangerous pattern; see https://github.com/apache/airflow/pull/41873 for details. Exposing the example DAGs in a deployment is not recommended; if you must, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 | A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks that were not executed (for example because they depend on past runs and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 | Apache Airflow 2.1.2 includes a fix for CVE-2021-35936: if remote logging is not used, the worker (with CeleryExecutor) or the scheduler (with LocalExecutor) runs a Flask log-serving server that listens on a specific port and binds to 0.0.0.0 by default. This logging server had no authentication and allowed reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. This also presented a local file disclosure vulnerability for any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 | Affected versions of Apache Airflow are vulnerable to improper preservation of permissions: the local file task handler incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside under a home directory. The issue arises from permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation: upgrade to Apache Airflow 2.8.4, run as a non-root user, or set the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow affected versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 | Incorrect session validation in the Apache Airflow webserver, versions prior to 1.10.14 with the default config, allows a malicious Airflow user on site A, where they log in normally, to access an unrelated Airflow webserver on site B using the session from site A. This does not affect users who have changed the default value of the `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 | Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 | Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return a "Cache-Control" header for dynamic content, which in some browsers could result in sensitive data being stored in the browser's local cache. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission to update a variable. This compromises the integrity of variable management and can lead to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache Airflow 2.3.2 and prior versions ship with a vulnerable dependency (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 | In Apache Airflow before 1.10.5, when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 | The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper exception handling that disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 | Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could mount a cross-site scripting (XSS) attack through its documentation link. A malicious provider could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into its metadata; if a user clicks the crafted link, the script runs in their session. Exploitation requires the malicious provider to be installed on the webserver and the user to click the link. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache Airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration and is therefore affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 | In Apache Airflow prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS command injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 | The "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | >=0,<2.4.1 | In Apache Airflow prior to version 2.4.1, deactivating a user did not prevent an already authenticated user from continuing to use the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 | Apache Airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 | The "origin" parameter passed to some endpoints such as '/trigger' was vulnerable to XSS. This issue affects Apache Airflow versions prior to 1.10.13. This is the same issue as CVE-2020-13944, but the fix implemented in Airflow 1.10.13 did not resolve it completely. |
apache-airflow | 1.9.0 | <2.10.3 | Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). Authenticated users with audit log access could view sensitive configuration variables that had been set via the CLI, because the CLI commands (cli.py) stored the variable values unencrypted in the audit log. To mitigate, upgrade to an Airflow version that masks secrets in the logs, and manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache Airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration and is therefore affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 | Generation of Error Message Containing Sensitive Information vulnerability in Apache Airflow. This issue affects Apache Airflow before 2.5.2. The traceback contains information that helps a potential attacker target their attack (Python/Airflow version, node name); this information should not be shown when a traceback is displayed to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 | Affected versions of Apache Airflow are vulnerable to a Privilege Context Switching Error: the File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 | Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has read access to specific DAGs only to read information about task instances in other DAGs. This is a different issue from CVE-2023-42663 but leads to a similar outcome. Users are advised to upgrade to version 2.7.3 or newer. |
apache-airflow | 1.9.0 | >=0,<1.10.11 | Affected versions of Apache Airflow are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the webserver exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the Apache Airflow Pinot Provider allows an attacker to control commands executed in the task execution context without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also affects any Apache Airflow version prior to 2.3.0 on which the Pinot Provider is installed (Pinot Provider 4.0.0 can only be installed on Airflow 2.3.0+). Note that on an Airflow 2.3.0+ installation you need to manually install Pinot Provider 4.0.0 to remove the vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.2 | Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view the DAG code and import errors of DAGs they do not have permission to view, through both the API and the UI. Users are recommended to upgrade to version 2.8.2 or newer. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 | Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated, DAG-view authorized users to modify some DAG run detail values when submitting notes, such as configuration parameters or the start date. Users should upgrade to version 2.7.3 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 | Affected versions of Apache Airflow allow authenticated Ops and Viewer users to view all information in the audit logs, including DAG names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default and must be explicitly granted it; only Admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 | Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has read access to specific DAGs only to read information about task instances in other DAGs. Users are advised to upgrade to version 2.7.2 or newer. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | Apache Airflow 1.10.11rc1 includes a fix for CVE-2020-11978: a remote code/command injection vulnerability in one of the example DAGs shipped with Airflow allowed any authenticated user to run arbitrary commands as the user running the airflow worker or scheduler (depending on the executor in use). Deployments that already disable the examples with load_examples=False in the config are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 | Affected Airflow versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "webserver.expose_config" is set to "non-sensitive-only" (the Celery provider is currently the only community provider with sensitive configuration). Migrate to Airflow 2.9, or set "expose_config" to False as a workaround. This is similar to, but distinct from, CVE-2023-46288, which concerned the API rather than the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 | In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-Admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 | In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag, which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow 2.7.0 disables the testing of connections from the UI, API and CLI by default, for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, leading to a deserialization attack (and thus remote code execution) on the worker. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache Airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration and is therefore affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Spark Provider installed). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of the "enable_xcom_pickling=False" configuration setting, resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI to craft a URL which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 | A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 | Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 | Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 | In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow affected versions are affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 | In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 | Apache-airflow 1.10.0 fixes an XSS vulnerability in the Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 | The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 | Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 | Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow affected versions are affected by a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15; >=2.0.0a1,<2.0.2 | Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and affects 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 | Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please review whether you have copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 | A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 | Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server that listens on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. This also presented a Local File Disclosure vulnerability for any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 | Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow affected versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 | Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A, where they log in normally, to access an unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for the `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 | Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 | Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return a "Cache-Control" header for dynamic content, which in the case of some browsers could result in potentially storing sensitive data in the local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 | In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 | The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 | Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 | In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 | It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 | In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 | The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 | Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version that masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 | Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 | Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 | Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leads to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 | Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 | Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 | Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 | Affected versions of Apache Airflow allow authenticated Ops and Viewer users to view all information in audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default; they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 | Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running the airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 | Affected Airflow versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables by default the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 | Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context and bypassing the limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case the Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 | Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 | In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 | Affected Apache Airflow versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 | Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in the 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 | Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 | Affected Apache Airflow versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 | A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the password of the user has been reset by the admin, up until the expiry of the session of the user. Other than manually cleaning the session database (for the database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 | Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 | In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 | A vulnerability in the Example DAGs of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, has a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of the "enable_xcom_pickling=False" configuration setting, resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/DAG in the UI to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case the Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 | A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.0.0b1 | Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 | Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 | In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 | Affected Apache Airflow versions have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 | In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case the Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 | Apache-airflow 1.10.0 fixes an XSS vulnerability in the Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 | The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 | Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 | Apache-airflow 2.2.5 includes a fix for a race condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 | Affected Apache Airflow versions have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 | Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515, but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, for example update to Python 3.6.13 if you are on Python 3.6 (those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 | Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please check that you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 | A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 | Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server that listens on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 | Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 | Affected Apache Airflow versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 | Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with the default config allows a malicious airflow user on site A, where they log in normally, to gain unauthorized access to the Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for the `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 | Affected Apache Airflow versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 | Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return a "Cache-Control" header for dynamic content, which in the case of some browsers could result in potentially storing sensitive data in the browser's local cache. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 | In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 | The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions, which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 | Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 | In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 | It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | >=0,<2.4.1 | In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 | The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944, but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 | Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 | Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if a traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 | Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 | Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leads to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 | Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case the Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 | Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 | Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Affected Airflow versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the Celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API rather than the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables default allowing the testing of connections in UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability |
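The SMTP/IMAP advisory above turns on a single property of the client's TLS context: whether it verifies the server's X.509 certificate and hostname at all. The following Python snippet is an added example, not code from Airflow or its providers: it builds the hardened context with `ssl.create_default_context()`, derives the weak accept-any-certificate context that matches the pre-fix behaviour described above, and exposes a pre-flight check you can run on any `ssl.SSLContext` before handing it to `smtplib` or `imaplib`. The function names `build_mail_tls_context`, `context_verifies_peer` and `audit` are this example's own.

```python
import ssl
from typing import Dict


def build_mail_tls_context(verify: bool = True) -> ssl.SSLContext:
    """TLS context a mail client would pass to smtplib/imaplib.

    verify=True: ssl.create_default_context() loads the system trust store,
    requires a certificate chain and checks the hostname.
    verify=False: reproduces the accept-any-certificate behaviour described in
    the advisory, which lets a MITM read credentials and mail contents.
    """
    ctx = ssl.create_default_context()
    if not verify:
        # check_hostname must be cleared before verify_mode can drop to
        # CERT_NONE, otherwise SSLContext raises ValueError.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_verifies_peer(ctx: ssl.SSLContext) -> bool:
    """Pre-flight check to run on any context before opening a connection:
    both chain validation and hostname matching must be on."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def audit() -> Dict[str, bool]:
    """Compare the hardened and weak contexts side by side."""
    return {
        "hardened": context_verifies_peer(build_mail_tls_context(verify=True)),
        "weak": context_verifies_peer(build_mail_tls_context(verify=False)),
    }


if __name__ == "__main__":
    print(audit())  # {'hardened': True, 'weak': False}
```

The check deliberately requires both flags: `CERT_REQUIRED` without `check_hostname` still accepts any certificate issued by a trusted CA for a different host, which is enough for an attacker who controls a domain of their own.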
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context and bypassing the limits on which DAGs the user may access. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
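The initialization-order issue above comes down to ordinary Python import resolution: the first `sys.path` entry that contains a matching file supplies the module, so prepending an attacker-writable directory before a trusted module is imported lets a same-named file in that directory run instead. The snippet below is an added example, not Airflow code: it creates a trusted config directory and an attacker-writable DAGs directory that each ship a module with the same hypothetical name `local_settings`, then resolves and executes the module under both path orders using the import machinery itself. The directory layout, module name and `OWNER` marker are constructed for the example.

```python
import importlib.machinery
import importlib.util
import tempfile
from pathlib import Path
from typing import List, Tuple

# Hypothetical settings module name, used only for this demonstration.
MODULE = "local_settings"


def make_tree(root: Path) -> Tuple[Path, Path]:
    """Constructed layout: a trusted config dir and an attacker-writable DAGs
    dir, each shipping a module called MODULE with a different OWNER marker."""
    config_dir, dags_dir = root / "config", root / "dags"
    for directory, owner in ((config_dir, "trusted"), (dags_dir, "dag_author")):
        directory.mkdir()
        (directory / f"{MODULE}.py").write_text(f'OWNER = "{owner}"\n')
    return config_dir, dags_dir


def load_first_match(search_path: List[Path]) -> str:
    """Resolve MODULE exactly as the import system would for this sys.path
    order, execute it, and report whose copy ran."""
    spec = importlib.machinery.PathFinder.find_spec(
        MODULE, [str(p) for p in search_path]
    )
    if spec is None or spec.loader is None:
        raise ImportError(MODULE)
    module = importlib.util.module_from_spec(spec)
    # This is the step that runs attacker-controlled code when the order is wrong.
    spec.loader.exec_module(module)
    return module.OWNER


def which_owner_wins(dags_first: bool) -> str:
    """dags_first=True models the pre-fix order (DAGS_FOLDER on sys.path before
    the settings import); False models the fixed order."""
    with tempfile.TemporaryDirectory() as tmp:
        config_dir, dags_dir = make_tree(Path(tmp))
        order = [dags_dir, config_dir] if dags_first else [config_dir, dags_dir]
        return load_first_match(order)


if __name__ == "__main__":
    print("vulnerable order ->", which_owner_wins(dags_first=True))   # dag_author
    print("fixed order      ->", which_owner_wins(dags_first=False))  # trusted
```

Reordering is the fix the advisory describes; the broader lesson for any service that imports plugins or settings by name is to keep user-writable directories off `sys.path` until every trusted module has already been imported, and to never rely on import order alone where the writable directory is shared.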
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password was logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions are affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
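Three entries in this table (the Celery broker payload in 1.10.10 and below, the XCom pickling bypass before 2.8.1, and the `xcomEntries` deserialize flag above) share one root cause: Python pickle streams can name any importable callable, and the unpickler calls it with attacker-chosen arguments before returning an object. The snippet below is an added example, not Airflow or Celery code. It builds a constructed hostile object whose stream asks the unpickler to call `os.makedirs` on a path (a benign, observable stand-in for `os.system`), shows that `pickle.loads` performs the call, and contrasts a restricted unpickler whose `find_class` resolves only an explicit allow-list so the callable is rejected before it runs. The `Payload`, `SafeUnpickler` and `demo` names and the allow-list contents are this example's choices.

```python
import builtins
import io
import os
import pickle
import tempfile
from typing import Any, Dict


class Payload:
    """Constructed hostile object: the stream it produces tells the unpickler to
    call os.makedirs(target). A real attacker would name os.system or similar."""

    def __init__(self, target: str):
        self.target = target

    def __reduce__(self):
        return (os.makedirs, (self.target,))


class SafeUnpickler(pickle.Unpickler):
    """Resolves only an explicit allow-list of globals, so no callable named in
    the stream can run; everything else is rejected before any call happens."""

    ALLOWED = {("builtins", "range"), ("builtins", "frozenset")}

    def find_class(self, module: str, name: str):
        if (module, name) in self.ALLOWED:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def unsafe_loads(data: bytes) -> Any:
    return pickle.loads(data)  # the pattern the advisories above warn about


def safe_loads(data: bytes) -> Any:
    return SafeUnpickler(io.BytesIO(data)).load()


def demo() -> Dict[str, Any]:
    """Feed the same kind of hostile stream to both loaders and compare."""
    with tempfile.TemporaryDirectory() as tmp:
        unsafe_target = os.path.join(tmp, "pwned-unsafe")
        safe_target = os.path.join(tmp, "pwned-safe")
        hostile_a = pickle.dumps(Payload(unsafe_target))
        hostile_b = pickle.dumps(Payload(safe_target))
        unsafe_loads(hostile_a)  # side effect fires during deserialization
        try:
            safe_loads(hostile_b)
            blocked = False
        except pickle.UnpicklingError:
            blocked = True
        benign = {"task": "t1", "values": [1, 2, 3], "window": range(3)}
        return {
            "unsafe_side_effect": os.path.isdir(unsafe_target),
            "safe_blocked": blocked,
            "safe_no_side_effect": not os.path.isdir(safe_target),
            "benign_roundtrip": safe_loads(pickle.dumps(benign)) == benign,
        }
```

Even a restricted unpickler is only as safe as its allow-list, which is why the Airflow fixes went further and disabled pickle deserialization of untrusted input by default; for data that must cross a trust boundary, a schema-bound format such as JSON is the right tool.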
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions are affected by a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
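Both the `--daemon` umask entry (before 2.3.4) and the log-folder permissions entry above end the same way: files or directories under the Airflow home become writable by every local user. The snippet below is an added example, not Airflow code, that shows the mechanism and the check a practitioner wants. It creates a constructed log directory and file while the process runs under a given umask, then scans the tree for anything with the other-write bit set, which is the audit you would run against `AIRFLOW_HOME` after upgrading or after changing `file_task_handler_new_folder_permissions`. The `write_logs_with_umask`, `world_writable` and `scan_with_umask` names and the sample log content are this example's own.

```python
import os
import stat
import tempfile
from pathlib import Path
from typing import List


def write_logs_with_umask(root: Path, mask: int) -> None:
    """Create a log directory and file while the process runs with `mask`,
    mimicking a daemonised component whose umask was left too permissive."""
    previous = os.umask(mask)
    try:
        log_dir = root / "logs"
        log_dir.mkdir(mode=0o777)  # effective mode = 0o777 & ~mask
        # Constructed sample content; open() requests 0o666, umask trims it.
        (log_dir / "task.log").write_text("constructed sample log line\n")
    finally:
        os.umask(previous)


def world_writable(root: Path) -> List[str]:
    """Relative POSIX paths under root whose mode has the other-write bit set.
    lstat() is used so a symlink's own mode is reported, not its target's."""
    hits = []
    for path in root.rglob("*"):
        if path.lstat().st_mode & stat.S_IWOTH:
            hits.append(path.relative_to(root).as_posix())
    return sorted(hits)


def scan_with_umask(mask: int) -> List[str]:
    """Run the scenario end to end in a throwaway directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        write_logs_with_umask(root, mask)
        return world_writable(root)


if __name__ == "__main__":
    print("umask 000 ->", scan_with_umask(0o000))  # ['logs', 'logs/task.log']
    print("umask 022 ->", scan_with_umask(0o022))  # []
```

Run `world_writable(Path(os.environ["AIRFLOW_HOME"]))` on a live deployment to get the same listing for real data; an empty result under a 0o022 umask is the expected state, and anything else in that list is readable and replaceable by every local account on the host.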
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious Airflow user on site A, where they log in normally, to gain unauthorized access to the Airflow Webserver on site B by presenting the session from site A. This does not affect users who have changed the default value for the `[webserver] secret_key` config. |
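The cross-site session entry above and the 1.10.14 random SECRET_KEY entry earlier in this table describe the two halves of one problem: a session cookie is trusted because it carries a MAC under the webserver's secret key, so two deployments that both run with the shipped default share the same trust root and accept each other's cookies. The snippet below is an added example, not Airflow or Flask code. It models the signed cookie as `payload.hmac-sha256(payload)` (Flask's real cookie format differs, but its trust rests on the same single key), mints a cookie on "site A" and checks it on "site B" with a shared default key and with per-deployment random keys. `SHARED_DEFAULT_KEY`, the payload and all function names are constructed for the example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Constructed stand-in for a secret that ships unchanged in every install.
SHARED_DEFAULT_KEY = b"shared-default-key"


def random_key() -> bytes:
    """What the 1.10.14 change amounts to: a per-deployment random secret."""
    return secrets.token_bytes(32)


def sign_session(secret: bytes, payload: bytes) -> bytes:
    """Simplified signed cookie: payload, a dot, then hex HMAC-SHA256."""
    mac = hmac.new(secret, payload, hashlib.sha256).hexdigest().encode()
    return payload + b"." + mac


def verify_session(secret: bytes, token: bytes) -> Optional[bytes]:
    """Return the payload if the MAC checks out under `secret`, else None."""
    payload, sep, mac = token.rpartition(b".")
    if not sep:
        return None
    expected = hmac.new(secret, payload, hashlib.sha256).hexdigest().encode()
    return payload if hmac.compare_digest(mac, expected) else None


def site_b_accepts_site_a_cookie(site_a_key: bytes, site_b_key: bytes) -> bool:
    """Cookie minted by a normal login on site A, presented to site B."""
    cookie = sign_session(site_a_key, b'{"user_id": 7, "site": "A"}')
    return verify_session(site_b_key, cookie) is not None


def demo() -> Dict[str, bool]:
    return {
        "default_key_on_both": site_b_accepts_site_a_cookie(
            SHARED_DEFAULT_KEY, SHARED_DEFAULT_KEY
        ),
        "random_key_per_site": site_b_accepts_site_a_cookie(
            random_key(), random_key()
        ),
    }


if __name__ == "__main__":
    print(demo())  # {'default_key_on_both': True, 'random_key_per_site': False}
```

The same reasoning explains the later session-fixation entry for versions before 2.7.0: with the cookie backend, the key alone decides validity, so the only way to revoke a cookie is to rotate the key and log everyone out, whereas a database session backend can invalidate one user's sessions individually.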
apache-airflow | 1.9.0 | <2.9.1 |
show Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if traceback is shown to unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view, through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Affected Airflow versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "webserver.expose_config" is set to "non-sensitive-only" (the Celery provider is currently the only community provider with sensitive configuration). Migrate to Airflow 2.9, or set "expose_config" to False as a workaround. This is similar to, but distinct from, CVE-2023-46288, which concerned the API rather than the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables, by default, the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context used with the SSL library did not check the server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place: it allows code execution in the webserver context and bypasses the limits on which DAGs the user may access. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Spark Provider 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
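The advisory above is a module-shadowing problem: whichever directory on sys.path holds a file named airflow_local_settings.py at import time wins. The following added example (not Airflow code; it only reproduces the mechanism) plants such a module in a stand-in DAGS_FOLDER and imports local settings once with DAGS_FOLDER already on sys.path (the vulnerable sequence) and once with it added only after the import (the fixed sequence). "airflow_local_settings" is the real name Airflow imports at start-up; the temporary directories, the planted file, and the exact way the path is assembled here are assumptions of the example.

```python
"""Module shadowing through sys.path order: an added illustration of the
DAGS_FOLDER / local-settings ordering issue, not Airflow project code.
The directories and the planted module are constructed for this example;
how Airflow itself assembles sys.path is assumed, not copied."""
import importlib
import os
import sys
import tempfile
import textwrap

MODULE = "airflow_local_settings"  # real module name Airflow imports at start-up


def plant_settings_module(folder, tag):
    """Write a stand-in local-settings module that records where it came from.
    A real attacker would put arbitrary code here; it would run in every
    Airflow process (scheduler, webserver, workers) that starts up."""
    with open(os.path.join(folder, MODULE + ".py"), "w") as fh:
        fh.write(textwrap.dedent(f"""\
            # Constructed for this example.
            SOURCE = {tag!r}
        """))


def load_local_settings(config_folder, dags_folder, dags_folder_before_import):
    """Import airflow_local_settings the way a start-up sequence would and
    return its SOURCE, or None when no such module exists (a missing module
    simply means "no local settings").

    dags_folder_before_import=True mimics the vulnerable sequence: DAGS_FOLDER
    is already on sys.path when the import runs, so a planted file there is
    found whenever no legitimate copy precedes it. False mimics the fix:
    DAGS_FOLDER is added only after the import has completed."""
    saved_path = list(sys.path)
    saved_module = sys.modules.pop(MODULE, None)
    try:
        sys.path[:] = [config_folder] + saved_path
        if dags_folder_before_import:
            sys.path.append(dags_folder)
        importlib.invalidate_caches()
        try:
            source = importlib.import_module(MODULE).SOURCE
        except ModuleNotFoundError:
            source = None
        if not dags_folder_before_import:
            sys.path.append(dags_folder)  # too late to influence the import above
        return source
    finally:
        sys.path[:] = saved_path
        sys.modules.pop(MODULE, None)
        if saved_module is not None:
            sys.modules[MODULE] = saved_module


def demo():
    """Config folder without local settings (the common case) and a DAGS_FOLDER
    with a planted module: returns (vulnerable_result, fixed_result)."""
    with tempfile.TemporaryDirectory() as config_folder, \
            tempfile.TemporaryDirectory() as dags_folder:
        plant_settings_module(dags_folder, "dags_folder")
        return (load_local_settings(config_folder, dags_folder, True),
                load_local_settings(config_folder, dags_folder, False))


if __name__ == "__main__":
    print(demo())  # ('dags_folder', None)
```

The vulnerable call returns the planted module's marker; the fixed call finds nothing, because the attacker-controlled directory is not yet searchable when the import happens. The same reasoning applies to any other module name that Airflow (or a plugin) imports after DAGS_FOLDER lands on sys.path, which is why write access to DAGS_FOLDER should be treated as code execution on every node.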
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the user's password has been reset by the admin, up until the expiry of the user's session. Other than manually cleaning the session database (for the database session backend), or changing the [webserver] secret_key and restarting the webserver, there was no mechanism to force-logout the user (and, with that, all other users). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the user's password is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secret_key and restarting the webserver (logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated to explain this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password got logged in plain text in the Log table of the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing part of the fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Hive Provider 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1; Apache-airflow before 2.0.0b1 bundles the Sqoop provider code and is therefore affected as well. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources, specifically updating the connection, to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes an XSS vulnerability in the Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and 2.0.0 and 2.0.1 in the 2.x series. This is the same issue as CVE-2020-13944 and CVE-2020-17515, but the fix implemented for those did not resolve it completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH release of the installed MINOR version, for example Python 3.6.13 if you are on Python 3.6 (those releases contain the fix for CVE-2021-23336, https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected Apache Airflow versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. This issue affects Apache Airflow versions prior to 1.10.13. It is the same issue as CVE-2020-13944, but the fix shipped for that CVE in Airflow 1.10.12 was incomplete; upgrade to 1.10.13 or later. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables that were set via the CLI. The attack vector is the CLI code path in cli.py, which stored such variables unencrypted in the audit log, enabling unauthorized access to critical data. To mitigate, upgrade to Airflow 2.10.3 or later, which masks secrets in the logs. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Airflow versions affected versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 which concerned API, not UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables by default the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 | Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context and also allows bypassing the limitations on the access the user has to certain DAGs. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 | Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 | In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 | Affected versions of Apache Airflow contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 | Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in the 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 | Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 | Affected versions of Apache Airflow have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to rotate those secrets. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes. This could let them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 | A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the user's password has been reset by the admin, up until the expiry of the user's session. Other than manually cleaning the session database (for the database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the user's password is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 | Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 | In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 | A vulnerability in the Example DAGs of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, has a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of the "enable_xcom_pickling=False" configuration setting, resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/DAG in the UI to craft a URL which could lead to unmasking the secret configuration of the task that would otherwise be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 | A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
cryptography | 2.2.2 | <39.0.1 | Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | >=1.8,<39.0.1 | Cryptography 39.0.1 includes a fix for CVE-2023-23931: In affected versions 'Cipher.update_into' would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as 'bytes') to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This issue has been present since 'update_into' was originally introduced in cryptography 1.8. |
cryptography | 2.2.2 | <3.3.2 | Cryptography 3.3.2 includes a fix for CVE-2020-36242: certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. |
cryptography | 2.2.2 | <42.0.8 | The `cryptography` library has updated its BoringSSL and OpenSSL dependencies in CI due to a security concern. Specifically, the issue involves the functions `EVP_PKEY_param_check()` and `EVP_PKEY_public_check()`, which are used to check DSA public keys or parameters. These functions can experience significant delays when processing excessively long DSA keys or parameters, potentially leading to a Denial of Service (DoS) if the input is from an untrusted source. The vulnerability arises because the key and parameter check functions do not limit the modulus size during checks, despite OpenSSL not allowing public keys with a modulus over 10,000 bits for signature verification. This issue affects applications that directly call these functions and the OpenSSL `pkey` and `pkeyparam` command-line applications with the `-check` option. The OpenSSL SSL/TLS implementation is not impacted, but the OpenSSL 3.0 and 3.1 FIPS providers are affected by this vulnerability. |
cryptography | 2.2.2 | <42.0.0 | Cryptography starting from version 42.0.0 updates its CI configurations to use newer versions of BoringSSL or OpenSSL as a countermeasure to CVE-2023-5678. This vulnerability, affecting the package, could cause Denial of Service through specific DH key generation and verification functions when given overly long parameters. |
cryptography | 2.2.2 | >=0.8,<41.0.3 | Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for a Denial of Service vulnerability. https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2 https://www.openssl.org/news/secadv/20230719.txt |
cryptography | 2.2.2 | <3.3 | Cryptography 3.3 no longer allows loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing. https://github.com/pyca/cryptography/pull/5592 |
cryptography | 2.2.2 | >=0.8,<41.0.3 | Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for a Denial of Service vulnerability. https://github.com/pyca/cryptography/commit/b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d https://www.openssl.org/news/secadv/20230731.txt |
cryptography | 2.2.2 | <42.0.5 | Cryptography version 42.0.5 introduces a limit on the number of name constraint checks during X.509 path validation to prevent denial of service attacks. https://github.com/pyca/cryptography/commit/4be53bf20cc90cbac01f5f94c5d1aecc5289ba1f |
cryptography | 2.2.2 | <42.0.0 | Affected versions of Cryptography may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. |
cryptography | 2.2.2 | <41.0.2 | The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options. |
cryptography | 2.2.2 | >=1.9.0,<2.3 | A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag, an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. See: CVE-2018-10903. |
cryptography | 2.2.2 | <42.0.2 | The cryptography library has updated its OpenSSL dependency in CI due to security concerns. This vulnerability arises when processing maliciously formatted PKCS12 files, which can cause OpenSSL to crash, leading to a potential Denial of Service (DoS) attack. PKCS12 files, often containing certificates and keys, may come from untrusted sources. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly handle these cases, resulting in a NULL pointer dereference and subsequent crash. Applications using OpenSSL APIs, such as PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes(), and PKCS12_newpass(), are vulnerable if they process PKCS12 files from untrusted sources. Although a similar issue in SMIME_write_PKCS7() was fixed, it is not considered significant for security as it pertains to data writing. This issue does not affect the FIPS modules in versions 3.2, 3.1, and 3.0. |
cryptography | 2.2.2 | >=0.8,<41.0.3 | Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for CVE-2023-2975: AES-SIV implementation ignores empty associated data entries. https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2 https://www.openssl.org/news/secadv/20230714.txt |
cryptography | 2.2.2 | <39.0.1 | Cryptography 39.0.1 includes a fix for CVE-2022-3996, a DoS vulnerability affecting openssl. https://github.com/pyca/cryptography/issues/7940 |
cryptography | 2.2.2 | <41.0.5 | Cryptography 41.0.5 updates Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.4, which includes a security fix. |
cryptography | 2.2.2 | <=3.2 | Cryptography 3.2 and prior are vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. |
cryptography | 2.2.2 | <41.0.0 | Cryptography 41.0.0 updates its dependency 'OpenSSL' to v3.1.1 to include a security fix. https://github.com/pyca/cryptography/commit/8708245ccdeaff21d65eea68a4f8d2a7c5949a22 |
cryptography | 2.2.2 | <41.0.4 | Cryptography 41.0.4 updates Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.3, which includes a security fix. https://github.com/pyca/cryptography/commit/fc11bce6930e591ce26a2317b31b9ce2b3e25512 |
apache-airflow | 1.9.0 | >=0,<2.5.1 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as it is recommended by Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions are affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiates arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515, but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH release of the installed MINOR version, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Affected versions of Airflow have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables, by default, the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows code to be executed in the webserver context and also allows the user to bypass the limitations on which DAGs they have access to. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Affected Airflow versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables default allowing the testing of connections in UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context and bypassing the limitations on the access the user has to certain DAGs. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow Metadata Database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as it is recommended by Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiates arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 if the Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Pig Provider version 4.0.0 on top of Airflow 2.3.0+ in order to get rid of the vulnerability. |
apache-airflow | 1.9.0 | <1.10.0 | Apache-airflow 1.10.0 fixes an XSS vulnerability in the Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 | The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 | Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 | Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 | Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and affects 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515, but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH release of the installed MINOR version, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 | Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please review whether you have copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 | A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example, when they depended on past runs and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 | Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server that listens on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. This also presented a Local File Disclosure vulnerability for any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 | Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 | Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with the default config allows a malicious Airflow user on site A, where they log in normally, to access an unauthorized Airflow Webserver on site B through the session from site A. This does not affect users who have changed the default value for the `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 | Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 | Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return a "Cache-Control" header for dynamic content, which in the case of some browsers could result in sensitive data being stored in the browser's local cache. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 | In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 | The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions, which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 | Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 | In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 | It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 | In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from continuing to use the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 | The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944, but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 | Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version that masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 | Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 | Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 | Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only to read information about task instances in other DAGs. This is a different issue from CVE-2023-42663 but leads to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 | Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 if the Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Pinot Provider version 4.0.0 on top of Airflow 2.3.0+ in order to get rid of the vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.2 | Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 | Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes. This could let them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 | Affected versions of Apache Airflow allow authenticated Ops and Viewer users to view all information in audit logs, including DAG names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default; they need to be explicitly granted permission to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 | Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running the airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 | Affected Airflow versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 | In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 | In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag, which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables, by default, the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context used with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 | Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows code to be executed in the webserver context and also allows bypassing the limitations on the access the user has to certain DAGs. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 if the Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 | Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 | In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 | Affected versions of Apache Airflow contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 | Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in the 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 | Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 | Affected versions of Apache Airflow have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes. This could let them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 | A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the password of the user has been reset by the admin, up until the expiry of the user's session. Other than manually cleaning the session database (for the database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 | Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 | In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 | A vulnerability in the Example DAGs of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of the "enable_xcom_pickling=False" configuration setting, resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/DAG in the UI to craft a URL which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 if the Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 | A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiates arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions are affected by a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if traceback is shown to unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected version of Apache-airflow are vulnerable to Privilege Context Switching Error. File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Airflow versions affected versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 which concerned API, not UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables default allowing the testing of connections in UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Spark Provider installed). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case the Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as it is recommended by Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, has a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15, >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and versions 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515, but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH release of the installed MINOR version, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leads to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Affected versions of Airflow have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables default allowing the testing of connections in UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context as well as bypassing the limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case the Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
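The example-DAG and provider command-injection rows in these tables (the `run_id` entries, the "example DAGs did not properly sanitize user-provided params" entry, and the Hive, Pig and Pinot provider entries) all share one bug class: trigger-time input is spliced into a shell string. The following is an added example, not code from Airflow or from its example DAGs, that shows the flawed pattern beside two hardened forms. The `RUN_ID_RE` allowlist and the `echo` task command are this example's own assumptions, not Airflow rules.

```python
# Added example (not code from Airflow or its example DAGs): the bug class
# behind the run_id / params command-injection advisories, beside the
# hardened form. A user who can trigger a DAG controls run_id and the
# trigger conf; if a task builds a shell string from them, that user runs
# commands as the worker.
import re
import shlex
import subprocess

# Constructed inputs, as an attacker could submit them from the trigger form.
BENIGN_RUN_ID = "manual__2024-01-01T00:00:00"
MALICIOUS_RUN_ID = "manual__2024-01-01; echo INJECTED"

# Allowlist used by this example only; it is an assumption, not an Airflow rule.
RUN_ID_RE = re.compile(r"[A-Za-z0-9_.:+-]{1,250}")


def vulnerable_task(run_id: str) -> str:
    """Mirrors the flawed example DAGs: untrusted input pasted into a shell line."""
    cmd = f"echo run {run_id}"  # hypothetical task command
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def hardened_task(run_id: str) -> str:
    """Validate, then pass arguments as a list so no shell ever parses them."""
    if not RUN_ID_RE.fullmatch(run_id):
        raise ValueError(f"rejected run_id: {run_id!r}")
    return subprocess.run(["echo", "run", run_id], capture_output=True, text=True).stdout


def quoted_shell_task(run_id: str) -> str:
    """If a shell is unavoidable (pipes, redirects), quote each untrusted token."""
    cmd = f"echo run {shlex.quote(run_id)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    print(vulnerable_task(MALICIOUS_RUN_ID))    # a second line "INJECTED" appears
    print(quoted_shell_task(MALICIOUS_RUN_ID))  # the payload is echoed as data
    print(hardened_task(BENIGN_RUN_ID))
```

The argv-list form is the one to reach for: the metacharacters in `run_id` never meet a shell. `shlex.quote` is the fallback when a shell feature is genuinely needed, and the allowlist check belongs in front of both, because a value that passes it cannot carry a payload even if a later code path forgets to quote.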
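Three session advisories in these tables describe the same design gap from different angles: a session that outlives a password reset, a session that outlives user deactivation, and a session cookie from site A that site B accepts because both run the default `secret_key`. The following is an added example, not Airflow or Flask code, of a signed-cookie session that closes all three: it binds the cookie to a per-instance key and re-checks the account's active flag and password version on every request. The `Webserver` class, the `temporary_key` placeholder and the `pw_version` field are this example's own constructions.

```python
# Added example (not Airflow or Flask code): a signed session cookie that is
# rejected when minted under another site's key, after a password reset, or
# after the account is deactivated.
import base64
import binascii
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass


@dataclass
class User:
    username: str
    active: bool = True
    password_version: int = 1  # bumped on every password reset


class Webserver:
    """One webserver instance with its own secret key and its own user table."""

    def __init__(self, secret_key: bytes):
        self.secret_key = secret_key
        self.users: dict[str, User] = {}

    def add_user(self, username: str) -> User:
        self.users[username] = User(username)
        return self.users[username]

    def _sign(self, payload: bytes) -> str:
        return hmac.new(self.secret_key, payload, hashlib.sha256).hexdigest()

    def issue_cookie(self, username: str) -> str:
        u = self.users[username]
        payload = json.dumps({"user": u.username, "pw_version": u.password_version}).encode()
        return base64.urlsafe_b64encode(payload).decode() + "." + self._sign(payload)

    def authenticate(self, cookie: str):
        """Return the username if the cookie is valid for THIS instance and the
        account state still matches what the cookie was issued for, else None."""
        try:
            b64, sig = cookie.rsplit(".", 1)
            payload = base64.urlsafe_b64decode(b64.encode())
        except (ValueError, binascii.Error):
            return None
        if not hmac.compare_digest(sig, self._sign(payload)):
            return None  # signed under a different key: cookie from another site
        data = json.loads(payload)
        u = self.users.get(data.get("user"))
        if u is None or not u.active:
            return None  # deactivated users lose access on the next request
        if data.get("pw_version") != u.password_version:
            return None  # a password reset invalidates every older session
        return u.username

    def reset_password(self, username: str) -> None:
        self.users[username].password_version += 1

    def deactivate(self, username: str) -> None:
        self.users[username].active = False


def demo() -> dict:
    # Constructed scenario: sites A and B never changed a shared placeholder
    # default key; site C generated its own.
    shared_default = b"temporary_key"
    site_a = Webserver(shared_default); site_a.add_user("admin")
    site_b = Webserver(shared_default); site_b.add_user("admin")
    site_c = Webserver(secrets.token_bytes(32)); site_c.add_user("admin")
    out = {}
    cookie_from_a = site_a.issue_cookie("admin")
    out["replayed_on_b"] = site_b.authenticate(cookie_from_a)  # "admin": shared key
    out["replayed_on_c"] = site_c.authenticate(cookie_from_a)  # None: distinct key
    old = site_b.issue_cookie("admin")
    site_b.reset_password("admin")
    out["old_after_reset"] = site_b.authenticate(old)                          # None
    out["new_after_reset"] = site_b.authenticate(site_b.issue_cookie("admin"))  # "admin"
    site_b.deactivate("admin")
    out["after_deactivation"] = site_b.authenticate(site_b.issue_cookie("admin"))  # None
    return out


if __name__ == "__main__":
    print(demo())
```

The signature check alone is what a default Flask secure-cookie session gives you; it proves the cookie came from a holder of the key, which is exactly why a shared default key makes cookies portable between installations. The two state checks after it are the part a pure client-side session backend cannot do without a server lookup, which is why the advisory above notes that the securecookie backend still needs a key rotation to force a logout.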
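The `finalize_with_tag` row in the cryptography table below (CVE-2018-10903) turns on one detail: a verifier that accepts a tag of any length and compares only that many bytes lets an attacker who can submit ciphertexts forge a one-byte tag in at most 256 tries. The following is an added example, not pyca/cryptography code, that models that failure mode with the standard library. HMAC-SHA256 truncated to 16 bytes stands in for the 16-byte GCM tag, `verify_lenient` reproduces the prefix comparison, and `verify_strict` is the fixed behaviour; the sample key and ciphertext are constructed.

```python
# Added example (not pyca/cryptography code): the truncated-tag failure mode
# behind the finalize_with_tag advisory, modelled with the standard library.
# HMAC-SHA256 truncated to 16 bytes stands in for the 16-byte GCM tag.
import hashlib
import hmac

TAG_LEN = 16


def compute_tag(key: bytes, ciphertext: bytes) -> bytes:
    return hmac.new(key, ciphertext, hashlib.sha256).digest()[:TAG_LEN]


def verify_lenient(key: bytes, ciphertext: bytes, tag: bytes) -> bool:
    """Pre-fix behaviour: whatever tag length arrives, only that prefix is compared."""
    if not tag:
        return False
    return hmac.compare_digest(compute_tag(key, ciphertext)[:len(tag)], tag)


def verify_strict(key: bytes, ciphertext: bytes, tag: bytes, min_tag_length: int = TAG_LEN) -> bool:
    """Fixed behaviour: refuse short tags before any comparison happens."""
    if len(tag) < min_tag_length:
        raise ValueError(f"tag is {len(tag)} bytes, minimum is {min_tag_length}")
    return hmac.compare_digest(compute_tag(key, ciphertext), tag)


def forge_one_byte_tag(oracle):
    """Attacker side. 'oracle' is a decrypt-and-verify endpoint that only reports
    success or failure; with one-byte tags at most 256 guesses are needed."""
    for guess in range(256):
        candidate = bytes([guess])
        if oracle(candidate):
            return guess + 1, candidate
    raise RuntimeError("unreachable against a prefix-comparing verifier")


# Constructed sample; the key is never handed to the attacker function.
SAMPLE_KEY = bytes(range(32))
SAMPLE_CIPHERTEXT = b"constructed ciphertext bytes"

if __name__ == "__main__":
    attempts, tag = forge_one_byte_tag(
        lambda t: verify_lenient(SAMPLE_KEY, SAMPLE_CIPHERTEXT, t))
    print(f"forged a 1-byte tag after {attempts} attempts: {tag.hex()}")
```

With the real library the check lives in `modes.GCM(iv, min_tag_length=16)` (16 is the default), and `finalize_with_tag` raises `ValueError` for anything shorter from 2.3 onward. The advisory's warning that GCM forgeries can leak the key is the reason the check must come before the comparison: each accepted forgery hands the attacker a valid (ciphertext, tag) pair to work from.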
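The "improper preservation of permissions" row further down (local file task handler, fixed in 2.8.4) describes a handler that applied its configured folder mode to every ancestor of the log directory, including a home directory that already existed. The following is an added example, not Airflow code, that models the flawed and the corrected behaviour side by side on a throwaway directory tree; the two function names and the `logs/dag_id/run_id` layout are this example's own constructions.

```python
# Added example (not Airflow code): a log-directory creator that chmods every
# ancestor (the pre-2.8.4 behaviour as the advisory describes it) beside one
# that touches only the directories it created itself.
import os
import stat
import tempfile


def vulnerable_create_log_dir(base_dir: str, rel_path: str, mode: int = 0o777) -> None:
    """Create the tree, then apply `mode` to base_dir and every component below
    it, even though base_dir (think: the user's home) already existed."""
    os.makedirs(os.path.join(base_dir, rel_path), exist_ok=True)
    cur = base_dir
    os.chmod(cur, mode)
    for part in rel_path.split(os.sep):
        cur = os.path.join(cur, part)
        os.chmod(cur, mode)


def hardened_create_log_dir(base_dir: str, rel_path: str, mode: int = 0o755) -> None:
    """Only directories this call actually creates receive `mode`;
    pre-existing ancestors keep whatever permissions they had."""
    cur = base_dir
    for part in rel_path.split(os.sep):
        cur = os.path.join(cur, part)
        try:
            os.mkdir(cur)
        except FileExistsError:
            continue            # not ours to touch
        os.chmod(cur, mode)     # explicit chmod, so the umask does not narrow it


def is_world_writable(path: str) -> bool:
    return bool(os.stat(path).st_mode & stat.S_IWOTH)


def demo() -> dict:
    """Run both variants under a fresh 0o700 'home' and report the resulting modes."""
    rel = os.path.join("logs", "dag_id", "run_id")
    out = {}
    with tempfile.TemporaryDirectory() as home:
        os.chmod(home, 0o700)
        vulnerable_create_log_dir(home, rel)
        out["home_after_vulnerable"] = stat.S_IMODE(os.stat(home).st_mode)
        out["home_world_writable_after_vulnerable"] = is_world_writable(home)
    with tempfile.TemporaryDirectory() as home:
        os.chmod(home, 0o700)
        hardened_create_log_dir(home, rel, 0o755)
        out["home_after_hardened"] = stat.S_IMODE(os.stat(home).st_mode)
        out["leaf_after_hardened"] = stat.S_IMODE(os.stat(os.path.join(home, rel)).st_mode)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, oct(v) if isinstance(v, int) else v)
```

The SSH breakage the advisory mentions follows directly: sshd's StrictModes refuses to use `~/.ssh/authorized_keys` when the home directory is writable by others, so a world-writable home locks the account out of key-based login. When auditing an existing deployment, `is_world_writable` on the home directory and on each ancestor of `base_log_folder` is the quick check.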
Package | Installed | Affected | Info |
---|---|---|---|
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | >=1.8,<39.0.1 |
show Cryptography 39.0.1 includes a fix for CVE-2023-23931: In affected versions 'Cipher.update_into' would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as 'bytes') to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This issue has been present since 'update_into' was originally introduced in cryptography 1.8. |
cryptography | 2.2.2 | <3.3.2 |
show Cryptography 3.3.2 includes a fix for CVE-2020-36242: certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. |
cryptography | 2.2.2 | <42.0.8 |
show The `cryptography` library has updated its BoringSSL and OpenSSL dependencies in CI due to a security concern. Specifically, the issue involves the functions `EVP_PKEY_param_check()` and `EVP_PKEY_public_check()`, which are used to check DSA public keys or parameters. These functions can experience significant delays when processing excessively long DSA keys or parameters, potentially leading to a Denial of Service (DoS) if the input is from an untrusted source. The vulnerability arises because the key and parameter check functions do not limit the modulus size during checks, despite OpenSSL not allowing public keys with a modulus over 10,000 bits for signature verification. This issue affects applications that directly call these functions and the OpenSSL `pkey` and `pkeyparam` command-line applications with the `-check` option. The OpenSSL SSL/TLS implementation is not impacted, but the OpenSSL 3.0 and 3.1 FIPS providers are affected by this vulnerability. |
cryptography | 2.2.2 | <42.0.0 |
show Cryptography starting from version 42.0.0 updates its CI configurations to use newer versions of BoringSSL or OpenSSL as a countermeasure to CVE-2023-5678. This vulnerability, affecting the package, could cause Denial of Service through specific DH key generation and verification functions when given overly long parameters. |
cryptography | 2.2.2 | >=0.8,<41.0.3 |
show Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for a Denial of Service vulnerability. https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2 https://www.openssl.org/news/secadv/20230719.txt |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <3.3 |
show Cryptography 3.3 no longer allows loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing. https://github.com/pyca/cryptography/pull/5592 |
cryptography | 2.2.2 | >=0.8,<41.0.3 |
show Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for a Denial of Service vulnerability. https://github.com/pyca/cryptography/commit/b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d https://www.openssl.org/news/secadv/20230731.txt |
cryptography | 2.2.2 | <42.0.5 |
show Cryptography version 42.0.5 introduces a limit on the number of name constraint checks during X.509 path validation to prevent denial of service attacks. https://github.com/pyca/cryptography/commit/4be53bf20cc90cbac01f5f94c5d1aecc5289ba1f |
cryptography | 2.2.2 | <42.0.0 |
show Affected versions of Cryptography may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <41.0.2 |
show The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options. |
cryptography | 2.2.2 | >=1.9.0,<2.3 |
show A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. See: CVE-2018-10903. |
cryptography | 2.2.2 | <42.0.2 |
show The cryptography library has updated its OpenSSL dependency in CI due to security concerns. This vulnerability arises when processing maliciously formatted PKCS12 files, which can cause OpenSSL to crash, leading to a potential Denial of Service (DoS) attack. PKCS12 files, often containing certificates and keys, may come from untrusted sources. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly handle these cases, resulting in a NULL pointer dereference and subsequent crash. Applications using OpenSSL APIs, such as PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes(), and PKCS12_newpass(), are vulnerable if they process PKCS12 files from untrusted sources. Although a similar issue in SMIME_write_PKCS7() was fixed, it is not considered significant for security as it pertains to data writing. This issue does not affect the FIPS modules in versions 3.2, 3.1, and 3.0. |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | >=0.8,<41.0.3 |
show Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for CVE-2023-2975: AES-SIV implementation ignores empty associated data entries. https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2 https://www.openssl.org/news/secadv/20230714.txt |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 includes a fix for CVE-2022-3996, a DoS vulnerability affecting openssl. https://github.com/pyca/cryptography/issues/7940 |
cryptography | 2.2.2 | <41.0.5 |
show Cryptography 41.0.5 updates Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.4, that includes a security fix. |
cryptography | 2.2.2 | <=3.2 |
show Cryptography 3.2 and prior are vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. |
cryptography | 2.2.2 | <39.0.1 |
show Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | <41.0.0 |
show Cryptography 41.0.0 updates its dependency 'OpenSSL' to v3.1.1 to include a security fix. https://github.com/pyca/cryptography/commit/8708245ccdeaff21d65eea68a4f8d2a7c5949a22 |
cryptography | 2.2.2 | <41.0.4 |
show Cryptography 41.0.4 updates Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.3, that includes a security fix. https://github.com/pyca/cryptography/commit/fc11bce6930e591ce26a2317b31b9ce2b3e25512 |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as it is recommended by Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version (2.10.3 or later) which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache Airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Affected Airflow versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the Celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache-airflow 2.7.0 disables, by default, the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context as well as bypassing the limitations on the access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 if the Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in the 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the password of the user has been reset by the admin, up until the expiry of the session of the user. Other than manually cleaning the session database (for the database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of the "enable_xcom_pickling=False" configuration setting, resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 if the Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
Apache-airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 |
In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 if the Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
Apache-airflow 1.10.0 fixes an XSS vulnerability in the Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15, >=2.0.0a1,<2.0.2 |
Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series, and 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please check that you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they depended on past runs and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A, where they log in normally, to access an unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for the `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return a "Cache-Control" header for dynamic content, which in the case of some browsers could result in potentially storing sensitive data in the browser's local cache. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if a traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leads to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 if the Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Affected Airflow versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the Celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables default allowing the testing of connections in UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context as well as bypassing the limitations on the access the user has to certain DAGs. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as it is recommended by Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515, but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please review whether you have copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Affected Airflow versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "webserver.expose_config" is set to "non-sensitive-only" (the Celery provider is currently the only community provider that has sensitive configuration). You should migrate to Airflow 2.9 or, as a workaround, set "expose_config" to False. This is similar to, but different from, CVE-2023-46288, which concerned the API rather than the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables, by default, the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context used with the SSL library did not check the server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows code execution in the webserver context and also bypasses the limits on which DAGs the user may access. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
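The advisory above turns on import order: whichever directory appears first on `sys.path` wins when two files share the module name `airflow_local_settings`. The script below is an added illustration, not Airflow's own code. It builds a constructed fixture (a trusted `config` directory and a `dags` directory that both contain `airflow_local_settings.py`) and resolves the import with both path orders using `importlib.machinery.PathFinder`, so the real `sys.path` is never touched. The exact `sys.path` handling in Airflow's `settings.py` is simplified here; only the relative order of the two directories is what the advisory describes.

```python
import importlib.machinery
import pathlib
import tempfile

# Module name that Airflow imports from its config directory at startup.
MODULE = "airflow_local_settings"


def make_tree(root):
    """Constructed fixture: a trusted config dir and a DAGS_FOLDER that both
    contain a module called airflow_local_settings."""
    config_dir = root / "config"
    dags_dir = root / "dags"
    config_dir.mkdir()
    dags_dir.mkdir()
    (config_dir / (MODULE + ".py")).write_text("ORIGIN = 'config'\n")
    (dags_dir / (MODULE + ".py")).write_text("ORIGIN = 'dags'\n")  # DAG-author controlled
    return config_dir, dags_dir


def resolve(search_path):
    """Name of the directory Python would import MODULE from, given a path list.

    PathFinder.find_spec walks the list in order exactly as the import system
    walks sys.path, so this reproduces `import airflow_local_settings`
    without mutating the interpreter's real sys.path.
    """
    spec = importlib.machinery.PathFinder.find_spec(MODULE, [str(p) for p in search_path])
    if spec is None or spec.origin is None:
        raise ModuleNotFoundError(MODULE)
    return pathlib.Path(spec.origin).parent.name


def startup(config_dir, dags_dir, dags_folder_first):
    """Simulate the two initialisation orders and report which copy wins."""
    search_path = [config_dir]
    if dags_folder_first:
        # Pre-2.10.1 order: DAGS_FOLDER is already on the path when local
        # settings are imported, so a same-named file there shadows the real one.
        search_path.insert(0, dags_dir)
    origin = resolve(search_path)  # this is the `import airflow_local_settings`
    if not dags_folder_first:
        # Fixed order: DAGS_FOLDER only joins the path after the import is done.
        search_path.append(dags_dir)
    return origin


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        config_dir, dags_dir = make_tree(pathlib.Path(tmp))
        return {
            "vulnerable": startup(config_dir, dags_dir, dags_folder_first=True),
            "fixed": startup(config_dir, dags_dir, dags_folder_first=False),
        }


if __name__ == "__main__":
    print(demo())
```

With the pre-2.10.1 order the `dags` copy is imported; with the fixed order the `config` copy is. The same check is useful outside Airflow: any startup sequence that puts a user-writable directory on the module search path before importing trusted settings has this shape.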
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the user's session. Other than manually cleaning the session database (for the database session backend), or changing the secret_key and restarting the webserver, there were no mechanisms to force-logout the user (and, with that, all other users). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secret key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as it is recommended by Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
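Several rows in this table are not code bugs but insecure defaults or settings in `airflow.cfg`: the unauthenticated Experimental API (`[api] auth_backend`, fixed in 1.10.11), example DAGs loaded by default (`[core] load_examples`), the configuration page (`[webserver] expose_config`), the connection test feature (`[core] test_connection`, disabled in 2.7.0), XCom pickling (`[core] enable_xcom_pickling`), the shared default `[webserver] secret_key` (random since 1.10.14, and the cause of the cross-site session issue above), log directory permissions (`[logging] file_task_handler_new_folder_permissions`, 2.8.4) and the classic non-RBAC UI (`[webserver] rbac`). The audit script below is an added example, not part of Airflow; it parses a config file with `configparser` and reports which of those settings are still in their weak state. The option names are the real `airflow.cfg` keys, but which of them exist depends on the Airflow version, so an absent option is simply not evaluated, and the two sample configurations are constructed for the example.

```python
import configparser


def _truthy(value):
    return value.strip().lower() in {"true", "1", "yes", "on"}


# (section, option, predicate that is True when the value is weak, finding id)
RULES = [
    ("api", "auth_backend",
     lambda v: v.strip() == "airflow.api.auth.backend.default",
     "experimental-api-unauthenticated"),   # 1.10.x default before 1.10.11
    ("api", "auth_backends",
     lambda v: "airflow.api.auth.backend.default" in v,
     "experimental-api-unauthenticated"),   # 2.x spelling of the same option
    ("core", "load_examples", _truthy, "example-dags-loaded"),
    ("webserver", "expose_config",
     lambda v: v.strip().lower() != "false", "config-exposed-in-ui"),
    ("webserver", "secret_key",
     lambda v: v.strip() in {"", "temporary_key"}, "default-secret-key"),
    ("core", "enable_xcom_pickling", _truthy, "xcom-pickling-enabled"),
    ("core", "test_connection",
     lambda v: v.strip().lower() != "disabled", "test-connection-enabled"),
    ("logging", "file_task_handler_new_folder_permissions",
     lambda v: v.strip() != "0o755", "log-dirs-group-writable"),
    ("webserver", "rbac", lambda v: not _truthy(v), "classic-ui-enabled"),
]


def audit(cfg_text):
    """Return the ordered, de-duplicated list of finding ids for an airflow.cfg."""
    parser = configparser.ConfigParser(interpolation=None)  # cfg values may contain '%'
    parser.read_string(cfg_text)
    findings = []
    for section, option, is_weak, finding in RULES:
        if parser.has_option(section, option) and is_weak(parser.get(section, option)):
            if finding not in findings:
                findings.append(finding)
    return findings


# Constructed sample: every checked option in its weak state.
WEAK_CFG = """
[core]
dags_folder = /opt/airflow/dags
load_examples = True
enable_xcom_pickling = True
test_connection = Enabled

[api]
auth_backend = airflow.api.auth.backend.default

[webserver]
secret_key = temporary_key
expose_config = non-sensitive-only
rbac = False

[logging]
file_task_handler_new_folder_permissions = 0o775
"""

# Constructed sample: the same options hardened.
HARDENED_CFG = """
[core]
dags_folder = /opt/airflow/dags
load_examples = False
enable_xcom_pickling = False
test_connection = Disabled

[api]
auth_backends = airflow.api.auth.backend.basic_auth,airflow.api.auth.backend.session

[webserver]
secret_key = REPLACE_WITH_A_RANDOM_VALUE
expose_config = False
rbac = True

[logging]
file_task_handler_new_folder_permissions = 0o755
"""


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CFG), ("hardened", HARDENED_CFG)):
        print(name, audit(cfg))
```

Run it against the real `airflow.cfg` (or the output of `airflow config list`) rather than the samples. Remember that a missing option means the version's default applies, which for `secret_key` before 1.10.14 and `auth_backend` before 1.10.11 is the weak value; check those two explicitly on old installations.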
apache-airflow | 1.9.0 | <2.9.1 |
show Apache Airflow affected versions have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
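The example-DAG rows above (2.2.4, 2.4.0 and the 2.10.1 `example_inlet_event_extra.py` entry) share one mechanism: a value the user supplies when triggering a DAG (`run_id` or a param) is interpolated into a shell command line. The snippet below is an added example and not code from any Airflow example DAG; it renders a constructed template the vulnerable way and with `shlex.quote`, runs both through `/bin/sh`, and adds an allow-list check for `run_id`. The allow-list pattern mirrors the kind of check Airflow 2.6.3+ applies through `[scheduler] allowed_run_id_pattern`; that option name and its default are quoted from memory and should be confirmed against your version.

```python
import re
import shlex
import subprocess

# Same shape as a templated bash_command in the old example DAGs: a value from
# the trigger form is dropped straight into a shell command line.
TEMPLATE = "echo run_id={run_id}"

# Allow-list for run_id values (letters, digits and a few safe punctuation
# characters). Assumed to match Airflow's allowed_run_id_pattern default.
RUN_ID_RE = re.compile(r"^[A-Za-z0-9_.~:+-]+$")


def render_vulnerable(run_id):
    """Interpolates the raw value; shell metacharacters in run_id are executed."""
    return TEMPLATE.format(run_id=run_id)


def render_safe(run_id):
    """shlex.quote single-quotes the value so /bin/sh sees one literal word."""
    return TEMPLATE.format(run_id=shlex.quote(run_id))


def is_valid_run_id(run_id):
    return bool(RUN_ID_RE.match(run_id))


def run(command):
    """Execute a command line with /bin/sh and return its stdout lines."""
    result = subprocess.run(command, shell=True, capture_output=True, text=True, check=True)
    return result.stdout.splitlines()


def demo(run_id="x; echo INJECTED"):
    """Constructed payload: a run_id carrying a second shell command."""
    return {
        "valid": is_valid_run_id(run_id),
        "vulnerable": run(render_vulnerable(run_id)),
        "safe": run(render_safe(run_id)),
    }


if __name__ == "__main__":
    print(demo())
```

The vulnerable rendering prints two lines, `run_id=x` and `INJECTED`, because the shell executed the injected `echo`; the quoted rendering prints the whole value as a single literal line. Quoting protects the command line, but the allow-list is the stronger control because it also stops the path-traversal and denial-of-service abuses of `run_id` listed above, where no shell is involved.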
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944, but the fix implemented in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
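The 2.10.3 rows (task logs and the audit log) and the older 1.10.13 row about passwords in the Log table all come down to secrets reaching a log sink unmasked. The masker below is an added example written for this page, not Airflow's `secrets_masker` module; it shows the two layers such a masker needs: redaction of known secret values wherever they appear, and redaction of the value of any field whose name looks like a credential (`password=`, `"api_key": "..."`). The list of sensitive field names is an approximation of Airflow's, and the log lines and secret are constructed sample data.

```python
import re

# Field names treated as sensitive; an approximation of the list Airflow's own
# secrets masker uses (matched as substrings, case-insensitively).
SENSITIVE_KEYS = {"password", "passwd", "secret", "token", "api_key", "apikey",
                  "access_token", "private_key", "authorization"}
REDACTED = "***"

# Matches key=value, key: value and "key": "value". A quoted value runs to the
# closing quote; an unquoted one stops at whitespace, a quote, ',' or '}'.
_KV_RE = re.compile(
    r"""(?P<key>[A-Za-z0-9_.-]+)(?P<kq>["']?)(?P<sep>\s*[=:]\s*)"""
    r"""(?P<quote>["'])?(?P<value>(?(quote)[^"']+|[^\s,}"']+))(?(quote)(?P=quote))"""
)


def _is_sensitive(key):
    key = key.lower()
    return any(marker in key for marker in SENSITIVE_KEYS)


def mask_line(line, known_secrets=()):
    # 1. Value-based: redact every known secret, longest first so that a short
    #    secret that is a prefix of a longer one cannot leave a residue.
    for secret in sorted(known_secrets, key=len, reverse=True):
        if secret:
            line = line.replace(secret, REDACTED)

    # 2. Key-based: redact the value of anything that looks like a credential
    #    field, whatever the value is.
    def _redact(m):
        if not _is_sensitive(m.group("key")):
            return m.group(0)
        quote = m.group("quote") or ""
        return "".join((m.group("key"), m.group("kq"), m.group("sep"),
                        quote, REDACTED, quote))

    return _KV_RE.sub(_redact, line)


def mask_lines(lines, known_secrets=()):
    return [mask_line(line, known_secrets) for line in lines]


# Constructed sample task-log lines.
LOG_LINES = [
    "[2024-01-01 12:00:00] INFO - Connecting with password=Hunter2! to db",
    '[2024-01-01 12:00:01] INFO - conn extra: {"api_key": "AKIA-EXAMPLE-1234", "region": "eu-west-1"}',
    "[2024-01-01 12:00:02] INFO - Variable SMTP_PASSWORD set to s3cr3t-value",
    "[2024-01-01 12:00:03] INFO - Task exited with return_code=0",
]
# Secret values the deployment knows about (e.g. Variable and Connection
# passwords), used for the value-based pass. Constructed for the example.
KNOWN_SECRETS = ["s3cr3t-value"]


if __name__ == "__main__":
    for line in mask_lines(LOG_LINES, KNOWN_SECRETS):
        print(line)
```

The third sample line is the interesting one: nothing in it looks like `key=value`, so only the value-based pass catches it, which is why a masker must be fed the actual secret values and not just a list of field names. Conversely, the first two lines are caught by field name alone, which is what protects you when a DAG author logs a connection object you never registered as a secret.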
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leads to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Affected Airflow versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables default allowing the testing of connections in UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows code execution in the webserver context and also bypasses the limitations on the access the user has to certain DAGs. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, has a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of the "enable_xcom_pickling=False" configuration setting, resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as it is recommended by Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow contain a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, has a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow contain a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and affects 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if traceback is shown to unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected version of Apache-airflow are vulnerable to Privilege Context Switching Error. File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Airflow versions affected versions have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as "webserver.expose_config" configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288 which concerned API, not UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables default allowing the testing of connections in UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Spark Provider installed). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Apache Airflow affected versions have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed). |
apache-airflow | 1.9.0 | <2.7.2 |
show A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
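Several of the Airflow rows above are variants of one weakness: a URL taken from the request (the `origin` argument of `/trigger` and the "Trigger DAG with config" screen, the redirect targets accepted by `/confirm` and `/login`, a provider documentation link) is echoed or redirected to without checking what it points at. The following is an added example, not code from Apache Airflow or from the scan report, showing how such a target is validated before use: a relative target must be an absolute path on this site, an absolute target must be http(s) on an allow-listed host, and everything else (a `javascript:` URL, the scheme-relative `//host` and `/\host` forms browsers accept, userinfo tricks, control characters) falls back to a fixed default. The allowed-host set and the `/home` default are assumptions for the demonstration.

```python
from __future__ import annotations

from urllib.parse import urlsplit

# Hosts the webserver may redirect to; constructed for this example.
ALLOWED_HOSTS = frozenset({"airflow.example.com"})
DEFAULT_TARGET = "/home"  # assumed safe landing page
SAFE_SCHEMES = frozenset({"http", "https"})


def is_safe_redirect_target(target: str, allowed_hosts: frozenset[str] = ALLOWED_HOSTS) -> bool:
    """Accept only same-site absolute paths or http(s) URLs on an allow-listed host.

    Rejected: empty values, anything containing whitespace or control characters,
    network-path forms (//host, /\\host, \\host), non-http(s) schemes such as
    javascript: or data:, and absolute URLs whose host is not allow-listed
    (including userinfo tricks like https://good@evil/).
    """
    if not target or any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return False
    # Browsers treat a leading "/\" (and some also a bare "\") like "//": the
    # remainder is parsed as a host, so these are open redirects in disguise.
    if target.startswith(("//", "/\\", "\\")):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: only an absolute path on this site is acceptable.
        return target.startswith("/")
    if parts.scheme.lower() not in SAFE_SCHEMES:
        return False
    # hostname is lower-cased and excludes userinfo and port, so "good@evil" yields "evil".
    host = parts.hostname
    return host is not None and host in allowed_hosts


def resolve_redirect(target: str | None, allowed_hosts: frozenset[str] = ALLOWED_HOSTS) -> str:
    """Return `target` if it passes validation, otherwise the fixed default."""
    if target is not None and is_safe_redirect_target(target, allowed_hosts):
        return target
    return DEFAULT_TARGET


if __name__ == "__main__":
    # Constructed inputs modelled on the advisories: an honest origin, redirect
    # payloads, and the javascript: link from the provider-metadata row.
    for candidate in ["/admin/airflow/tree?dag_id=example", "//evil.example/",
                      "/\\evil.example/", "javascript:prompt(document.domain)",
                      "https://airflow.example.com/home",
                      "https://airflow.example.com@evil.example/"]:
        print(f"{candidate!r:50} -> {resolve_redirect(candidate)}")
```

The host check deliberately uses `hostname` rather than `netloc`: `netloc` keeps userinfo and port, so a naive `netloc in allowed_hosts` either misses `https://airflow.example.com@evil.example/` or rejects legitimate `host:port` forms. Falling back to a constant rather than raising keeps the login flow working while denying the attacker any influence over where the browser lands.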
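Several other rows in this table come down to airflow.cfg settings: the Experimental API accepting unauthenticated requests under the old default auth backend (fixed in 1.10.11), example DAGs with command injection (load_examples), expose_config leaking provider secrets in its "non-sensitive-only" mode before 2.9, pickled XComs, the connection-test feature disabled by default in 2.7.0, and the placeholder SECRET_KEY replaced by a random one in 1.10.14. The audit below is an added example, not part of the scan report or of Airflow itself; it reads an airflow.cfg and reports the settings that leave those weaknesses open. Section and option names are assumptions based on the airflow.cfg layout as I know it (`[api] auth_backend` in 1.10.x and `auth_backends` in 2.x, `[core] load_examples`, `[core] enable_xcom_pickling`, `[core] test_connection`, `[webserver] expose_config`, `[webserver] secret_key`), the "temporary_key" placeholder is the historic template default, and both embedded configuration files are constructed for the demonstration; check the option names against the version you run.

```python
from __future__ import annotations

import configparser

# Assumed airflow.cfg values (verify against your Airflow version).
INSECURE_API_BACKEND = "airflow.api.auth.backend.default"  # pre-1.10.11 default: no auth
PLACEHOLDER_SECRET_KEY = "temporary_key"                    # pre-1.10.14 template default


def _truthy(value: str | None) -> bool:
    return (value or "").strip().lower() in {"1", "true", "yes", "on"}


def audit_airflow_cfg(cfg_text: str) -> list[tuple[str, str, str]]:
    """Return (section, option, finding) triples for settings tied to the advisories above."""
    # airflow.cfg contains literal '%' and '{}' tokens, so disable interpolation.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(cfg_text)

    def get(section: str, option: str) -> str | None:
        return cp.get(section, option, fallback=None)  # fallback also covers a missing section

    findings: list[tuple[str, str, str]] = []

    # Experimental/stable API: 2.x spells the option auth_backends, 1.10.x auth_backend.
    backend = get("api", "auth_backends") or get("api", "auth_backend")
    if backend is None:
        findings.append(("api", "auth_backend",
                         "not set; on Airflow < 1.10.11 the implicit default accepts "
                         "unauthenticated requests to /api/experimental/"))
    elif INSECURE_API_BACKEND in backend:
        findings.append(("api", "auth_backend",
                         f"{backend!r} accepts unauthenticated API requests; use deny_all "
                         "or a real authentication backend"))

    if _truthy(get("core", "load_examples")):
        findings.append(("core", "load_examples",
                         "example DAGs are loaded; shipped examples allowed OS command "
                         "injection via DAG params and run_id"))

    expose = (get("webserver", "expose_config") or "False").strip().lower()
    if expose != "false":
        findings.append(("webserver", "expose_config",
                         f"{expose!r} exposes the configuration page; before 2.9 even "
                         "'non-sensitive-only' revealed sensitive provider settings"))

    if _truthy(get("core", "enable_xcom_pickling")):
        findings.append(("core", "enable_xcom_pickling",
                         "pickled XComs are unpickled by scheduler and workers, which runs "
                         "code embedded in attacker-supplied XCom data"))

    secret = get("webserver", "secret_key")
    if not secret or secret.strip() == PLACEHOLDER_SECRET_KEY:
        findings.append(("webserver", "secret_key",
                         "missing or placeholder Flask secret key; anyone who knows it "
                         "can forge session cookies"))

    # Option introduced in 2.7.0; older versions cannot turn the feature off (upgrade instead).
    test_conn = (get("core", "test_connection") or "Disabled").strip().lower()
    if test_conn != "disabled":
        findings.append(("core", "test_connection",
                         f"{test_conn!r} lets Connection editors make the server open "
                         "arbitrary connections or flood it with test requests"))
    return findings


# Constructed configuration fragments for the demonstration (not real deployments).
INSECURE_CFG = """\
[core]
load_examples = True
enable_xcom_pickling = True
sql_alchemy_conn = sqlite:////opt/airflow/airflow.db

[api]
auth_backend = airflow.api.auth.backend.default

[webserver]
secret_key = temporary_key
expose_config = non-sensitive-only
"""

HARDENED_CFG = """\
[core]
load_examples = False
enable_xcom_pickling = False
test_connection = Disabled

[api]
auth_backends = airflow.api.auth.backend.deny_all

[webserver]
secret_key = 7f3a9c1e5b2d4f6a8c0e2b4d6f8a1c3e
expose_config = False
"""


if __name__ == "__main__":
    for name, cfg in (("insecure", INSECURE_CFG), ("hardened", HARDENED_CFG)):
        results = audit_airflow_cfg(cfg)
        print(f"== {name}: {len(results)} finding(s)")
        for section, option, finding in results:
            print(f"  [{section}] {option}: {finding}")
```

Point the function at the real file with `audit_airflow_cfg(open(path).read())`; settings overridden through `AIRFLOW__SECTION__OPTION` environment variables are not visible to it, so check those separately. Note that the audit only catches misconfiguration: rows such as the CeleryExecutor broker injection or the daemon umask race are fixed by upgrading, not by any cfg option.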
Package | Installed | Affected | Info |
---|---|---|---|
cryptography | 2.2.2 | <39.0.1 | Cryptography 39.0.1 updates its dependency 'OpenSSL' to v3.0.8 to include security fixes. https://github.com/pyca/cryptography/issues/8229 |
cryptography | 2.2.2 | >=1.8,<39.0.1 | Cryptography 39.0.1 includes a fix for CVE-2023-23931: In affected versions 'Cipher.update_into' would accept Python objects which implement the buffer protocol but provide only immutable buffers. This would allow immutable objects (such as 'bytes') to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This issue has been present since 'update_into' was originally introduced in cryptography 1.8. |
cryptography | 2.2.2 | <3.3.2 | Cryptography 3.3.2 includes a fix for CVE-2020-36242: certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. |
cryptography | 2.2.2 | <42.0.8 | The `cryptography` library has updated its BoringSSL and OpenSSL dependencies in CI due to a security concern. Specifically, the issue involves the functions `EVP_PKEY_param_check()` and `EVP_PKEY_public_check()`, which are used to check DSA public keys or parameters. These functions can experience significant delays when processing excessively long DSA keys or parameters, potentially leading to a Denial of Service (DoS) if the input is from an untrusted source. The vulnerability arises because the key and parameter check functions do not limit the modulus size during checks, despite OpenSSL not allowing public keys with a modulus over 10,000 bits for signature verification. This issue affects applications that directly call these functions and the OpenSSL `pkey` and `pkeyparam` command-line applications with the `-check` option. The OpenSSL SSL/TLS implementation is not impacted, but the OpenSSL 3.0 and 3.1 FIPS providers are affected by this vulnerability. |
cryptography | 2.2.2 | <42.0.0 | Cryptography starting from version 42.0.0 updates its CI configurations to use newer versions of BoringSSL or OpenSSL as a countermeasure to CVE-2023-5678. This vulnerability, affecting the package, could cause Denial of Service through specific DH key generation and verification functions when given overly long parameters. |
cryptography | 2.2.2 | >=0.8,<41.0.3 | Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for a Denial of Service vulnerability. https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2 https://www.openssl.org/news/secadv/20230719.txt |
cryptography | 2.2.2 | <3.3 | Cryptography 3.3 no longer allows loading of finite field Diffie-Hellman parameters of less than 512 bits in length. This change is to conform with an upcoming OpenSSL release that no longer supports smaller sizes. These keys were already wildly insecure and should not have been used in any application outside of testing. https://github.com/pyca/cryptography/pull/5592 |
cryptography | 2.2.2 | >=0.8,<41.0.3 | Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for a Denial of Service vulnerability. https://github.com/pyca/cryptography/commit/b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d https://www.openssl.org/news/secadv/20230731.txt |
cryptography | 2.2.2 | <42.0.5 | Cryptography version 42.0.5 introduces a limit on the number of name constraint checks during X.509 path validation to prevent denial of service attacks. https://github.com/pyca/cryptography/commit/4be53bf20cc90cbac01f5f94c5d1aecc5289ba1f |
cryptography | 2.2.2 | <42.0.0 | Affected versions of Cryptography may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. |
cryptography | 2.2.2 | <41.0.2 | The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options. |
cryptography | 2.2.2 | >=1.9.0,<2.3 | A flaw was found in python-cryptography versions >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag, an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. See: CVE-2018-10903. |
cryptography | 2.2.2 | <42.0.2 | The cryptography library has updated its OpenSSL dependency in CI due to security concerns. This vulnerability arises when processing maliciously formatted PKCS12 files, which can cause OpenSSL to crash, leading to a potential Denial of Service (DoS) attack. PKCS12 files, often containing certificates and keys, may come from untrusted sources. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly handle these cases, resulting in a NULL pointer dereference and subsequent crash. Applications using OpenSSL APIs such as PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes(), and PKCS12_newpass() are vulnerable if they process PKCS12 files from untrusted sources. Although a similar issue in SMIME_write_PKCS7() was fixed, it is not considered significant for security as it pertains to data writing. This issue does not affect the FIPS modules in versions 3.2, 3.1, and 3.0. |
cryptography | 2.2.2 | >=0.8,<41.0.3 | Cryptography 41.0.3 updates its bundled OpenSSL version to include a fix for CVE-2023-2975: the AES-SIV implementation ignores empty associated data entries. https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2 https://www.openssl.org/news/secadv/20230714.txt |
cryptography | 2.2.2 | <39.0.1 | Cryptography 39.0.1 includes a fix for CVE-2022-3996, a DoS vulnerability affecting OpenSSL. https://github.com/pyca/cryptography/issues/7940 |
cryptography | 2.2.2 | <41.0.5 | Cryptography 41.0.5 updates Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.4, which includes a security fix. |
cryptography | 2.2.2 | <=3.2 | Cryptography 3.2 and prior are vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. |
cryptography | 2.2.2 | <41.0.0 | Cryptography 41.0.0 updates its dependency 'OpenSSL' to v3.1.1 to include a security fix. https://github.com/pyca/cryptography/commit/8708245ccdeaff21d65eea68a4f8d2a7c5949a22 |
cryptography | 2.2.2 | <41.0.4 | Cryptography 41.0.4 updates Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.3, which includes a security fix. https://github.com/pyca/cryptography/commit/fc11bce6930e591ce26a2317b31b9ce2b3e25512 |
apache-airflow | 1.9.0 | >=0,<2.5.1 |
show Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 |
show Apache-airflow 1.10.14 starts using a random SECRET_KEY, as it is recommended by Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <1.10.12 | In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 | In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the Apache Airflow Pig Provider allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow version prior to 2.3.0 if the Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Pig Provider version 4.0.0 on top of Airflow 2.3.0+ in order to get rid of the vulnerability. |
apache-airflow | 1.9.0 | <1.10.0 | Apache-airflow 1.10.0 fixes an XSS vulnerability in the Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 | The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 raises the minimum requirement of its dependency 'gunicorn' to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 | Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, has a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 | Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 | Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to an XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515, but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH release of the installed MINOR version, for example update to Python 3.6.13 if you are on Python 3.6 (those contain the fix for CVE-2021-23336, https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 | Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please review whether you have copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 | A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example, when they depended on past runs and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 | Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server that listens on a specific port and binds to 0.0.0.0 by default. This logging server had no authentication and allowed reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. This also presented a Local File Disclosure vulnerability for any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 | Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 | Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with the default config allows a malicious Airflow user on site A, where they log in normally, to access an Airflow Webserver on site B without authorization through the session from site A. This does not affect users who have changed the default value of the `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 | Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 | Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return a "Cache-Control" header for dynamic content, which in the case of some browsers could result in sensitive data being stored in the browser's local cache. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 | In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 | The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions, which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 | Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 | In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 | It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | >=0,<2.4.1 | In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from continuing to use the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 | The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to an XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944, but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 | Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 | Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 | Affected versions of Apache-airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 | Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leads to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 | Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the Apache Airflow Pinot Provider allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow version prior to 2.3.0 if the Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Pinot Provider version 4.0.0 on top of Airflow 2.3.0+ in order to get rid of the vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.2 | Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 | Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes. This could let them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 | Affected versions of Apache Airflow allow authenticated Ops and Viewer users to view all information in audit logs, including DAG names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default; they need to be explicitly granted permission to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 | Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running the airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config, then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 | Affected versions of Airflow have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 | In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 | In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag, which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables by default the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 | Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context as well as bypassing the limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the Apache Airflow Spark Provider allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow version prior to 2.3.0 if the Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 | Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 | In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 | Affected versions of Apache Airflow contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 | Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in the 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 | Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 | Affected versions of Apache Airflow have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes. This could let them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 | A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the password of the user has been reset by the admin, up until the expiry of the user's session. Other than manually cleaning the session database (for the database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users along with them). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 | Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 | In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 | A vulnerability in the Example DAGs of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, has a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of the "enable_xcom_pickling=False" configuration setting, resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/DAG in the UI to craft a URL which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the Apache Airflow Hive Provider allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow version prior to 2.3.0 if the Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 | A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
apache-airflow | 1.9.0 | >=0,<2.5.1 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow and Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow before 2.5.1 and Apache Airflow MySQL Provider before 4.0.0. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to '>=6.1.9' to include security fixes. |
apache-airflow | 1.9.0 | <2.0.0b1 | Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
apache-airflow | 1.9.0 | <1.10.14 | Apache-airflow 1.10.14 starts using a random SECRET_KEY, as recommended by the Flask community. https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6 https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 sets the HttpOnly flag on cookies by default. https://github.com/apache/airflow/commit/1211dddfd7167fd90575f40dd6734b0af9aec8b7 |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected |
apache-airflow | 1.9.0 | <1.10.12 |
show In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow contain a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 |
show In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 |
show Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 |
show The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 |
show Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow contain a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 |
show Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 |
show Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 |
show Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 |
show A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 |
show Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 |
show A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 |
show Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 |
show Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 |
show Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 |
show The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 |
show Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 |
show In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 |
show It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | >=0,<2.4.1 |
show In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 |
show Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 |
show The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 |
show A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 |
show Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 |
show Affected versions of Apache Airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 |
show Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 |
show Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 |
show In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 |
show Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 |
show Affected versions of Apache Airflow allow authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 |
show Affected versions of Apache Airflow have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar, but different to CVE-2023-46288, which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 |
show In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 |
show In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache-airflow 2.7.0 disables default allowing the testing of connections in UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 |
show Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 |
show Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows the user to execute code in the webserver context and to bypass the limitations on the access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
show Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 |
show Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 |
show In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 |
show Affected versions of Apache Airflow contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 |
show Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 |
show Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 |
show Affected versions of Apache Airflow have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 |
show A session fixation vulnerability allows authenticated users to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 |
show Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 |
show In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 |
show A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 |
show An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 |
show Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 |
show Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2. Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
show Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
show Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | <2.6.3 |
show Apache Airflow affected versions are affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider integration. Therefore, it is affected by CVE-2023-22886. |
apache-airflow | 1.9.0 | >=0,<1.10.2 | In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud Provider integration. Therefore, it is affected by CVE-2023-25692. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, are affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in the Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables support for the deserialize flag by default in the 'xcomEntries' API. This was an unsafe default, as deserialization may instantiate arbitrary objects. https://github.com/apache/airflow/pull/32176 |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | <1.10.0 | Apache-airflow 1.10.0 fixes an XSS vulnerability in the Variable endpoint. https://github.com/apache/airflow/commit/8f9bf94d82abc59336e642db64e575cee0cc5df0 |
apache-airflow | 1.9.0 | <2.6.0 | The details page for task instances in the user interface is subject to a stored XSS vulnerability. This problem pertains to Apache Airflow versions prior to 2.6.0. https://github.com/apache/airflow/pull/30447/commits/3d894f7a643e9319f5c48e343ac39b248dedaa9b https://github.com/apache/airflow/pull/30779/commits/7c566f7ef4b33175aafc4f89f94fb2096b093940 |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requirement to v19.5.0 to include a security fix. |
apache-airflow | 1.9.0 | <2.9.3 | Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<2.8.1 | Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-25696. |
apache-airflow | 1.9.0 | <2.2.5 | Apache-airflow 2.2.5 includes a fix for a race condition vulnerability. https://github.com/apache/airflow/pull/20699 |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow are affected by a vulnerability that allows unauthorized read access to a DAG through the URL. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
apache-airflow | 1.9.0 | >=1.0.0a1,<1.10.15 , >=2.0.0a1,<2.0.2 | Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in the 1.x series and affects 2.0.0 and 2.0.1 in the 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515, but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, for example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Amazon provider integration. Therefore, it is affected by CVE-2023-25956. |
apache-airflow | 1.9.0 | <1.10.3 | Apache-airflow 1.10.3 updates its dependency 'flask-admin' to v1.5.3 to include a security fix. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks. |
apache-airflow | 1.9.0 | <2.10.1 | Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs, please review whether you have copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. |
apache-airflow | 1.9.0 | >=0,<2.3.1 | A vulnerability in the UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they depended on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
apache-airflow | 1.9.0 | <2.1.2 | Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server that listens on a specific port and also binds to 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E |
apache-airflow | 1.9.0 | >=0,<1.10.6rc1 | A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process. |
apache-airflow | 1.9.0 | <2.8.4 | Affected versions of Apache Airflow are vulnerable to an improper preservation of permissions vulnerability. This issue causes the local file task handler to incorrectly set write permissions on all parent folders of the log directory, potentially exposing sensitive directories and disrupting SSH operations when logs reside in home directories. The attack vector exploits misconfigured permission settings in non-containerized deployments, especially when running as root with a restrictive umask. Mitigation involves upgrading to Apache Airflow 2.8.4, using a non-root user, or changing the file_task_handler_new_folder_permissions configuration to 0o755. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the "classic" UI. |
apache-airflow | 1.9.0 | <2.6.3 | Affected versions of Apache Airflow have a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | >=0,<1.10.14 | Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious Airflow user on site A, where they log in normally, to access an unauthorized Airflow Webserver on site B through the session from site A. This does not affect users who have changed the default value for the `[webserver] secret_key` config. |
apache-airflow | 1.9.0 | <2.9.1 | Affected versions of Apache Airflow have a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. |
apache-airflow | 1.9.0 | <2.9.2 | Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return a "Cache-Control" header for dynamic content, which in the case of some browsers could result in potentially storing sensitive data in the local cache of the browser. |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 | Apache Airflow, versions before 2.8.0, are affected by a vulnerability that allows an authenticated user without the variable edit permission to update a variable. This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (pyjwt == 1.7.1). |
apache-airflow | 1.9.0 | >=0,<1.10.5 | In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views. The new "RBAC" UI is unaffected. |
apache-airflow | 1.9.0 | >=0,<1.10.1 | The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions, which disabled server certificate checking. |
apache-airflow | 1.9.0 | <2.10.0 | Apache Airflow, in affected versions, contains a vulnerability where a malicious provider could exploit a cross-site scripting (XSS) attack through a provider documentation link. A malicious user could inject a JavaScript URL (e.g., `javascript:prompt(document.domain)`) into the provider's metadata. If a user clicks on this crafted link, it could trigger an XSS attack. The vulnerability requires the malicious provider to be installed on the web server and the user to interact with the malicious link. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-40195. |
apache-airflow | 1.9.0 | >=0,<2.2.4 | In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
apache-airflow | 1.9.0 | >=0,<2.2.4rc1 | It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. |
apache-airflow | 1.9.0 | >=0,<2.4.1 | In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from continuing to use the UI or API. |
apache-airflow | 1.9.0 | <2.3.0 | Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to versions ^1.10.23 to include a security fix. |
apache-airflow | 1.9.0 | <1.10.13 | The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944, but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
apache-airflow | 1.9.0 | <2.10.3 | Affected versions of Apache Airflow are vulnerable to Exposure of Sensitive Information (CWE-201). This vulnerability allows authenticated users with audit log access to view sensitive configuration variables in task logs by setting them via the CLI. The attack vector involves executing CLI commands that store sensitive variables unencrypted in audit logs within cli.py, enabling unauthorized access to critical data. To mitigate, upgrade to an Airflow version which masks secrets in task logs, preventing the exposure of sensitive configuration data. Additionally, users should manually delete any previously logged secret variables from the log table. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2022-46421. |
apache-airflow | 1.9.0 | >=0,<1.10.3b1 | A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks. |
apache-airflow | 1.9.0 | >=0,<2.5.2 | Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack (Python/Airflow version, node name). This information should not be shown if the traceback is shown to an unauthenticated user. |
apache-airflow | 1.9.0 | <2.6.0 | Affected versions of Apache Airflow are vulnerable to a Privilege Context Switching Error. The File Task Handler should apply different permissions to log files generated by Airflow in order to handle impersonation. |
apache-airflow | 1.9.0 | <2.7.3 | Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leads to a similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11 | Affected versions of the Apache Airflow package are vulnerable to Missing Authentication for Critical Function due to an insecure default configuration that permits unauthenticated requests to the Experimental API. In versions before 1.10.11, the web server exposes endpoints under /api/experimental/ without enforcing an authentication backend, allowing arbitrary clients to invoke operations such as POST /api/experimental/dags/<dag_id>/dag_runs. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version. |
apache-airflow | 1.9.0 | >=0,<2.8.2 | Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.4.2 | In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
apache-airflow | 1.9.0 | <2.7.3 | Apache Airflow, versions before 2.7.3, are affected by a vulnerability that allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes. This could let them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.8.2rc1 | Affected versions of Apache Airflow allow authenticated Ops and Viewer users to view all information in audit logs, including DAG names and usernames they were not permitted to view. In versions 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default; they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. |
apache-airflow | 1.9.0 | <2.7.2 | Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable. |
apache-airflow | 1.9.0 | <2.9 | Affected versions of Airflow have a vulnerability that allows an authenticated user to see sensitive provider configuration via the "configuration" UI page when "non-sensitive-only" was set as the "webserver.expose_config" configuration (the Celery provider is currently the only community provider that has sensitive configurations). You should migrate to Airflow 2.9 or change your "expose_config" configuration to False as a workaround. This is similar to, but different from, CVE-2023-46288, which concerned the API, not the UI configuration page. |
apache-airflow | 1.9.0 | <1.10.13 | In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks. See CVE-2020-17513. |
apache-airflow | 1.9.0 | >=0,<2.3.4 | In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the '--daemon' flag, which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
apache-airflow | 1.9.0 | >=0,<2.6.3 | Apache Airflow, versions before 2.6.3, are affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 | Apache-airflow 2.7.0 disables, by default, the testing of connections in the UI, API and CLI for security reasons. https://github.com/apache/airflow/pull/32052 |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and thus remote code execution) on the Worker. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive provider integration. Therefore, it is affected by CVE-2023-28706. |
apache-airflow | 1.9.0 | <2.6.3 | Apache Airflow, versions before 2.6.3, are affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with the SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | <2.7.0 | Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Docker provider integration. Therefore, it is affected by CVE-2022-38362. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (click == 7.1.2). |
apache-airflow | 1.9.0 | <2.6.0 | Execution with Unnecessary Privileges: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows code execution in the webserver context and bypasses the limitations on which DAGs the user may access. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow before 2.6.0. |
apache-airflow | 1.9.0 | >=0,<2.3.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Spark Provider installed. |
apache-airflow | 1.9.0 | >=0,<1.10.5 | Versions of Apache Airflow prior to 1.10.5 expose a vulnerability where the Databricks operator logs API keys in plaintext during task execution. This exposure results from the operator encouraging users to input their API key into a connection's "extra" field, which the Databricks hook subsequently logs, leading to information exposure. https://github.com/apache/airflow/pull/5635/commits/89f015e6c89392b6de61dab8ab90182e6ee42b74 |
apache-airflow | 1.9.0 | >=0,<2.4.3 | In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
apache-airflow | 1.9.0 | <2.10.1 | Apache Airflow affected versions contain a potential security vulnerability in the initialization process. The DAGS_FOLDER was added to sys.path before importing local settings, potentially allowing execution of malicious code if an attacker had write access to the DAGS_FOLDER. The fix reorganizes the initialization sequence, ensuring DAGS_FOLDER is added to sys.path only after local settings are imported. This change mitigates the risk of unintended code execution during startup. Users are strongly advised to update to the latest version incorporating this fix, especially in environments where DAGS_FOLDER access is not strictly controlled. |
apache-airflow | 1.9.0 | <2.1.1 | Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability in the 'normalize-url' package. https://github.com/apache/airflow/pull/16375 |
apache-airflow | 1.9.0 | <2.1.0rc1 | Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to include a security fix. https://github.com/apache/airflow/pull/15784 |
apache-airflow | 1.9.0 | <2.10.3 | Affected versions of Apache Airflow have a vulnerability that can expose sensitive configuration variables in task logs. This allows DAG authors to unintentionally or intentionally log such variables, enabling unauthorized users to access critical data and potentially compromising Airflow deployments. Secrets are now masked in task logs to prevent this exposure. Additionally, if secret values might have been logged and logs aren't protected, it is recommended to update those secrets. |
apache-airflow | 1.9.0 | <2.7.1 | Apache Airflow, versions before 2.7.1, are affected by a vulnerability that allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes. This could let them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later, which has removed the vulnerability. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark provider integration. Therefore, it is affected by CVE-2023-28710. |
apache-airflow | 1.9.0 | <2.7.0 | A session fixation vulnerability allows authenticated users to continue accessing the Airflow webserver even after the password of the user has been reset by the admin, up until the expiry of the session of the user. Other than manually cleaning the session database (for the database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behavior. |
apache-airflow | 1.9.0 | <2.7.2 | Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus enabling the user to clear DAGs they shouldn't. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<1.10.13 | In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database. The same happened when creating a Connection with a password field. |
apache-airflow | 1.9.0 | >=0,<2.4.0 | A vulnerability in the example DAGs of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
apache-airflow | 1.9.0 | >=0,<1.10.11rc1 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands. |
apache-airflow | 1.9.0 | <2.0.0b1 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud provider integration. Therefore, it is affected by CVE-2023-25691. |
apache-airflow | 1.9.0 | <=2.3.2 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependencies (wtforms == 2.3.3). |
apache-airflow | 1.9.0 | >=0,<2.8.0b1 |
show Apache Airflow, in versions before 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't. This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
apache-airflow | 1.9.0 | >=0,<2.8.1 |
Apache Airflow versions before 2.8.1 have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of the "enable_xcom_pickling=False" configuration setting, resulting in poisoned data after XCom deserialization. This vulnerability is considered low severity since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
apache-airflow | 1.9.0 | <2.7.1 |
Apache Airflow versions before 2.7.1 are affected by a vulnerability that allows authenticated users who have access to see the task/DAG in the UI to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. |
apache-airflow | 1.9.0 | >=0,<2.3.0 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the Apache Airflow Hive Provider allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow version prior to 2.3.0 if the Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ installation that has a lower version of the Hive Provider installed. |
apache-airflow | 1.9.0 | <2.7.2 |
A security flaw in Apache Airflow allows authenticated users to view warnings and related details for all Directed Acyclic Graphs (DAGs), including those they are not permitted to see. This exposure includes DAG IDs and stack traces from import errors, posing a risk to versions of Apache Airflow before 2.7.2. |
[![Python 3](https://pyup.io/repos/github/workforce-data-initiative/tpot-airflow/python-3-shield.svg)](https://pyup.io/repos/github/workforce-data-initiative/tpot-airflow/)
[![Updates](https://pyup.io/repos/github/workforce-data-initiative/tpot-airflow/shield.svg)](https://pyup.io/repos/github/workforce-data-initiative/tpot-airflow/)