Initiatives for
As the national authority for Cybersecurity the CCB has developed several initiatives for specific publics which are presented here.
WARNING: APACHE AIRFLOW PATCHED AN IMPORTANT VULNERABILITY THAT CAN RESULT IN RCE, PATCH IMMEDIATELY!
Image
Published : 06/08/2024
Reference:
Advisory #2024-118
Version:
1.0
Affected software:
Apache Airflow 2.4.0, and versions before 2.9.3
Type:
Remote Code Execution
CVE/CVSS:
CVE-2024-39877
CVSS 8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Sources
Risks
Apache Airflow is an open-source platform used to programmatically author, schedule, and monitor workflows. It is a completely open-source solution, used for architecting and orchestrating complex data pipelines and task launches.
CVE-2024-39877 is a vulnerability in Apache Airflow. If exploited successfully, the vulnerability can lead to Remote Code Execution. The vulnerability has impact on all vertices of the CIA triad.
Description
This vulnerability in Apache Airflow 2.4.0, and versions before 2.9.3 allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context. This should be forbidden according to the Airflow Security model.
Users that have vulnerable systems should upgrade them to version 2.9.3 or later which has removed the vulnerability.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing. Vulnerable systems should be upgraded to version 2.9.3 or later.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via:https://ccb.belgium.be/cert/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.