Vulnerabilities > Apache > Airflow > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-14 | CVE-2020-17511 | Cleartext Storage of Sensitive Information vulnerability in Apache Airflow In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. | 6.5 |
| 2020-12-11 | CVE-2020-17515 | Cross-site Scripting vulnerability in Apache Airflow The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. | 6.1 |
| 2020-09-17 | CVE-2020-13944 | Cross-site Scripting vulnerability in Apache Airflow In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. | 6.1 |
| 2020-07-17 | CVE-2020-9485 | Cross-site Scripting vulnerability in Apache Airflow An issue was found in Apache Airflow versions 1.10.10 and below. | 6.1 |
| 2020-07-17 | CVE-2020-11983 | Cross-site Scripting vulnerability in Apache Airflow An issue was found in Apache Airflow versions 1.10.10 and below. | 5.4 |
| 2020-01-14 | CVE-2019-12398 | Cross-site Scripting vulnerability in Apache Airflow In Apache Airflow before 1.10.5 when running with the "classic" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. | 4.8 |
| 2019-10-30 | CVE-2019-12417 | Cross-site Scripting vulnerability in Apache Airflow A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. | 4.8 |
| 2019-04-10 | CVE-2019-0216 | Cross-site Scripting vulnerability in Apache Airflow A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. | 4.8 |
| 2019-02-27 | CVE-2018-20244 | Cross-site Scripting vulnerability in Apache Airflow In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. | 5.5 |
| 2018-08-06 | CVE-2017-12614 | Cross-site Scripting vulnerability in Apache Airflow It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. | 6.1 |