CVE-2022-38362

high

Description

Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host.

References

https://lists.apache.org/thread/614p38nf4gbk8xhvnskj9b1sqo2dknkb

http://www.openwall.com/lists/oss-security/2022/08/16/1

Details

Source: Mitre, NVD

Published: 2022-08-16

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00138