CVE-2018-20244: Apache Airflow vulnerable to Stored XSS

CVSS Score: 5.5 (CVSS 3.0)

Basic Information

EPSS Score: 0.74636%
Published: 3/6/2019
Updated: 9/10/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
apache-airflow | pip | < 1.10.2 | 1.10.2

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability stems from multiple view functions that directly interpolated user-controlled database values (run_id, label, pool) into HTML templates without proper escaping. The commit diff shows the addition of escape() calls to these values, confirming they were vulnerable to XSS. The test case added in test_views.py with <script> tags demonstrates the exploit scenario. All identified functions handle metadata database values that admins could manipulate, making them clear XSS vectors.
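
The pattern described in the root cause analysis, as an added example that is not Airflow's code or part of the original page: one renderer interpolates stored values directly into markup, the other escapes each value for the context it lands in, and a parser-based check confirms which output introduces elements the template did not define. The function names, template and sample row are constructed for illustration, and the standard library's html.escape stands in for the escape() call the commit added.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import quote

# Constructed metadata-database row (hypothetical values an admin could store).
ROW = {
    "run_id": "manual__<script>alert(1)</script>",
    "label": 'nightly"><script>alert(2)</script>',
    "pool": "default_pool",
}

def render_vulnerable(row):
    """Pre-fix pattern: stored values are interpolated straight into markup."""
    return ('<a href="/run?run_id={run_id}" title="{label}">{run_id}</a>'
            '<span class="pool">{pool}</span>').format(**row)

def render_escaped(row):
    """Post-fix pattern: each value is escaped for the context it lands in."""
    return ('<a href="/run?run_id={href}" title="{label}">{text}</a>'
            '<span class="pool">{pool}</span>').format(
        href=escape(quote(row["run_id"], safe="")),  # URL-encode, then escape
        label=escape(row["label"], quote=True),      # attribute context
        text=escape(row["run_id"]),                  # element text
        pool=escape(row["pool"]),
    )

class TagCollector(HTMLParser):
    """Records the start tag of every element found in the markup."""
    def __init__(self):
        super().__init__()
        self.tags = []
    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def rendered_tags(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags

EXPECTED_TAGS = ["a", "span"]  # the only elements the template itself defines

def is_safe(markup):
    """True when stored values added no elements beyond the template's own."""
    return rendered_tags(markup) == EXPECTED_TAGS

if __name__ == "__main__":
    for render in (render_vulnerable, render_escaped):
        print(render.__name__, rendered_tags(render(ROW)), is_safe(render(ROW)))
```

A check like is_safe works as a regression test for any view that renders metadata values, in the same spirit as the <script> test case the fix added to test_views.py.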


In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.
