Initiativen für
    
    Als nationale Behörde für Cybersicherheit hat das ZCB mehrere Initiativen für bestimmte Zielgruppen entwickelt, die hier vorgestellt werden.
      
     
                  Reference:
Advisory #2024-118
Version:
1.0
Affected software:
Apache Airflow 2.4.0, and versions before 2.9.3
Type:
Remote Code Execution
CVE/CVSS:
CVE-2024-39877
CVSS 8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Apache Airflow is an open-source platform used to programmatically author, schedule, and monitor workflows. It is a completely open-source solution, used for architecting and orchestrating complex data pipelines and task launches.
CVE-2024-39877 is a vulnerability in Apache Airflow. If exploited successfully, the vulnerability can lead to Remote Code Execution. The vulnerability has impact on all vertices of the CIA triad.
This vulnerability in Apache Airflow 2.4.0, and versions before 2.9.3 allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context. This should be forbidden according to the Airflow Security model.
Users that have vulnerable systems should upgrade them to version 2.9.3 or later which has removed the vulnerability.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing. Vulnerable systems should be upgraded to version 2.9.3 or later.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via:https://ccb.belgium.be/cert/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.