CVE-2022-43982: Apache Airflow Cross-site Scripting vulnerability

CVSS Score (v3.1): 6.1

Basic Information

EPSS Score: 0.7378%
Published: 11/2/2022
Updated: 9/11/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package Name: apache-airflow
Ecosystem: pip
Vulnerable Versions: < 2.4.2rc1
First Patched Version: 2.4.2rc1

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from improper input sanitization in the `get_safe_url` function. The commit diff shows this function was modified to replace `urlparse` with `urlsplit`/`urljoin` and implement proper host/scheme validation. The original code's validation logic (checking `parsed.scheme in ['http','https','']` and `parsed.netloc in [request.host, '']`) could allow URIs with dangerous schemes if the netloc matched the host (e.g., `javascript:alert(1)` with host netloc). The test cases added in the patch demonstrate protection against XSS vectors like `javascript:alert(1)`, confirming the function's role in the vulnerability.
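
A minimal sketch of the validation approach described above: resolve the value with `urljoin`, split it with `urlsplit`, then require an http/https scheme and a netloc equal to the server's own. This is an added example, not Airflow's code; the function name, host URL, fallback path and sample inputs are assumptions constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Assumed values for this example (not taken from the advisory).
HOST_URL = "https://airflow.example.com/"
FALLBACK = "/home"


def safe_redirect_target(candidate, host_url=HOST_URL, fallback=FALLBACK):
    """Return an absolute same-host http(s) URL for `candidate`, else `fallback`."""
    if not candidate:
        return fallback
    host = urlsplit(host_url)
    # Resolve first: relative paths become absolute URLs on our host, while
    # scheme-bearing or protocol-relative inputs keep their own scheme/netloc.
    resolved = urlsplit(urljoin(host_url, candidate))
    # Allow-list the scheme; an empty scheme cannot occur after resolution.
    if resolved.scheme not in ("http", "https"):
        return fallback
    # Require an exact netloc match with the server the request arrived at.
    if resolved.netloc != host.netloc:
        return fallback
    return resolved.geturl()


# Constructed sample values for a redirect-target query parameter.
SAMPLES = [
    "/home?status=running",
    "https://airflow.example.com/dags/demo/grid",
    "javascript:alert(1)",
    "https://other.example.net/login",
    "//other.example.net/login",
    "",
]


def classify(samples=SAMPLES):
    """Map each sample input to the redirect target the validator returns."""
    return {s: safe_redirect_target(s) for s in samples}


if __name__ == "__main__":
    for raw, target in classify().items():
        print(f"{raw!r:50} -> {target}")
```

Because the check runs on the resolved URL, the value handed to the template or redirect is always absolute, so the browser never gets to reinterpret a relative or scheme-less string.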

WAF Protection Rules

WAF Rule

In Apache Airflow versions prior to *.*.*, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument.
