Miggo Logo

CVE-2020-9485: Stored XSS in Apache Airflow

6.1

CVSS Score
3.1

Basic Information

EPSS Score
0.83424%
Published
7/27/2020
Updated
9/11/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
apache-airflowpip< 1.10.111.10.11

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability exists in the Chart pages of the classic UI, which are rendered via Flask view functions. Stored XSS typically occurs when user-controlled input is persisted and later rendered without proper sanitization. The 'chart' view function (or similar) would handle chart data retrieval and template rendering. Since the advisory specifies the classic UI's Chart pages as the attack vector, the view function responsible for this endpoint is the most likely candidate. The lack of HTML escaping in template variables (e.g., {{ variable | safe }} instead of {{ variable }}) would directly enable XSS. While exact code isn't available, Airflow's architecture and the vulnerability description strongly implicate the chart-rendering view function.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n issu* w*s *oun* in *p**** *ir*low v*rsions *.**.** *n* **low. * stor** XSS vuln*r**ility w*s *is*ov*r** in t** ***rt p***s o* t** t** "*l*ssi*" UI.

Reasoning

T** vuln*r**ility *xists in t** ***rt p***s o* t** *l*ssi* UI, w*i** *r* r*n**r** vi* `*l*sk` vi*w *un*tions. Stor** XSS typi**lly o**urs w**n us*r-*ontroll** input is p*rsist** *n* l*t*r r*n**r** wit*out prop*r s*nitiz*tion. T** '***rt' vi*w *un*tio