by @jakaba
03 Aug 2023

RCE via example DAG in Apache Airflow (CVE-2022-40127) - Exploit

Summary

The provided Python code is an exploit script targeting CVE-2022-40127, a Remote Code Execution (RCE) vulnerability in Apache Airflow versions before 2.4.0. The vulnerability arises from insufficient validation of user-supplied input, which allows an attacker to execute arbitrary code on the target system.
