The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
Upgrade apache-airflow to version 2.8.4 or higher.
apache-airflow is a platform to programmatically author, schedule, and monitor workflows.
Affected versions of this package are vulnerable to Improper Preservation of Permissions when the local file task handler sets permissions for all parent folders of the log folder to writable by the group of the application user. An attacker may be able to modify or delete logs by gaining write access to these folders. In configurations in which this attack affects the home directory, the change can also block SSH operations by other users.
Note: This vulnerability only applies if the Airflow installation is in a shared container or environment with other applications or users, which is not the case for Official Airflow Docker reference images. Furthermore, it does not apply if umask is set to 002, which is a common default.
This vulnerability can be avoided by setting the file task handler's new folder permissions (file-task-handler-new-folder-permissions) to 0o755 rather than 0o775.
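To check a shared host for the condition described above, the following added example (not Snyk's or Airflow's code) walks up from the log folder and reports parent directories that carry the group-write bit, flagging the home directory. It assumes logs live under $AIRFLOW_HOME/logs; the function names and the stop_at and home parameters are made up for this example.

```python
import os
import stat
from pathlib import Path


def current_umask():
    """Read the process umask without leaving it changed."""
    mask = os.umask(0)
    os.umask(mask)
    return mask


def group_writable_parents(log_folder, stop_at="/", home=None):
    """List parents of log_folder, up to and including stop_at, that have
    the group-write bit set. Returns (path, octal mode, is_home) tuples."""
    log_folder = Path(log_folder).resolve()
    stop_at = Path(stop_at).resolve()
    home = Path(home).resolve() if home else Path.home().resolve()
    findings = []
    for parent in log_folder.parents:
        if parent.is_dir():
            mode = stat.S_IMODE(parent.stat().st_mode)
            if mode & stat.S_IWGRP:
                findings.append((str(parent), oct(mode), parent == home))
        if parent == stop_at:
            break
    return findings


if __name__ == "__main__":
    # Assumption: logs live in $AIRFLOW_HOME/logs (AIRFLOW_HOME defaults to ~/airflow).
    airflow_home = os.environ.get("AIRFLOW_HOME", str(Path.home() / "airflow"))
    print(f"umask: {current_umask():03o}")
    for path, mode, is_home in group_writable_parents(Path(airflow_home) / "logs"):
        note = "  <- home directory" if is_home else ""
        print(f"group-writable: {path} ({mode}){note}")
```

A group-writable home directory in the output is the case the advisory ties to blocked SSH operations.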