mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-31 18:50:38 +00:00
846 B
846 B
CVE-2022-38170
Description
In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the --daemon flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver.
POC
Reference
No PoCs from references.