Vulnerability Name:

CVE-2020-17515 (CCN-192971)

Assigned:2020-12-11
Published:2020-12-11
Updated:2022-08-06
Summary:The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely.
CVSS v3 Severity:6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
6.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-79
Vulnerability Consequences:Cross-Site Scripting
References:Source: MITRE
Type: CNA
CVE-2020-17515

Source: MLIST
Type: Mailing List, Vendor Advisory
[oss-security] 20201211 CVE-2020-17515: Apache Airflow Reflected XSS via Origin Parameter

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20210501 CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL

Source: CCN
Type: Apache Web site
Apache Airflow

Source: XF
Type: UNKNOWN
apache-cve202017515-xss(192971)

Source: MLIST
Type: Mailing List, Vendor Advisory
[announce] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515

Source: MLIST
Type: Mailing List, Vendor Advisory
[airflow-dev] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515

Source: MLIST
Type: Issue Tracking, Mailing List, Vendor Advisory
[airflow-users] 20201211 Apache Airflow Security Vulnerabilities fixed in v1.10.13: CVE-2020-17515

Source: MISC
Type: Issue Tracking, Mailing List, Vendor Advisory
https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e%40%3Cusers.airflow.apache.org%3E

Source: MLIST
Type: Issue Tracking, Mailing List, Vendor Advisory
[airflow-users] 20201211 CVE-2020-17515: Apache Airflow Reflected XSS via Origin Parameter

Source: MLIST
Type: Issue Tracking, Mailing List, Vendor Advisory
[airflow-users] 20210501 CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL

Source: MLIST
Type: Issue Tracking, Mailing List, Vendor Advisory
[announce] 20210501 Apache Airflow CVE: CVE-2021-28359: Apache Airflow Reflected XSS via Origin Query Argument in URL

Source: CCN
Type: oss-sec Mailing List, Fri, 11 Dec 2020 13:14:07 +0000
CVE-2020-17515: Apache Airflow Reflected XSS via Origin Parameter

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apache:airflow:*:*:*:*:*:*:*:* (Version >= 2.0.0 and < 2.0.2)
  • OR cpe:/a:apache:airflow:*:*:*:*:*:*:*:* (Version < 1.10.15)

    • Configuration CCN 1:
  • cpe:/a:apache:airflow:1.10.12:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    apache airflow *
    apache airflow *
    apache airflow 1.10.12