module
Apache Airflow 1.10.10 - Example DAG Remote Code Execution
| Disclosed | Created |
|---|---|
| 2020-07-14 | 2023-09-19 |
Disclosed
2020-07-14
Created
2023-09-19
Description
This module exploits an unauthenticated command injection vulnerability
by combining two critical vulnerabilities in Apache Airflow 1.10.10.
The first, CVE-2020-11978, is an authenticated command injection vulnerability
found in one of Airflow's example DAGs, "example_trigger_target_dag", which
allows any authenticated user to run arbitrary OS commands as the user
running Airflow Worker/Scheduler. The second, CVE-2020-13927, is a default
setting of Airflow 1.10.10 that allows unauthenticated access to Airflow's
Experimental REST API to perform malicious actions such as creating the
vulnerable DAG above. The two CVEs taken together allow vulnerable DAG creation
and command injection, leading to unauthenticated remote code execution.
by combining two critical vulnerabilities in Apache Airflow 1.10.10.
The first, CVE-2020-11978, is an authenticated command injection vulnerability
found in one of Airflow's example DAGs, "example_trigger_target_dag", which
allows any authenticated user to run arbitrary OS commands as the user
running Airflow Worker/Scheduler. The second, CVE-2020-13927, is a default
setting of Airflow 1.10.10 that allows unauthenticated access to Airflow's
Experimental REST API to perform malicious actions such as creating the
vulnerable DAG above. The two CVEs taken together allow vulnerable DAG creation
and command injection, leading to unauthenticated remote code execution.
Authors
xuxiang
Pepe Berba
Ismail E. Dawoodjee
Pepe Berba
Ismail E. Dawoodjee
Platform
Linux,Unix
Architectures
cmd
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.