Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

Pickle deserialization vulnerability in XComs

Low
I
Internet Bug Bounty
Submitted None

Team Summary

Official summary from Internet Bug Bounty

CVE-2023-50943: Apache Airflow: Potential pickle deserialization vulnerability in XComs Severity: low Affected versions: - Apache Airflow before 2.8.1 Description: Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. Credit: Peng Zhou (finder) Hussein Awala (remediation developer) Full Security Advisory: https://lists.apache.org/thread/fx278v0twqzxkcts70tc04cp3f8p56pn

Actions:
View on HackerOne
Reported by zpbrent

Vulnerability Details

Technical details and impact analysis

Deserialization of Untrusted Data
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. ## Impact For this vulnerability, I think the severity of its impacts highly depends on whether it is possible some malicious tasks can poison the XComs data. Based on my understanding of Airflow's threat model, I have drafted two attacking scenarios for the exploit: 4.1), we consider there is a DAG involving two isolated tasks belonging to two different task owners and running in two different machines/docks, saying an attacker's task running in the attacker's machine and a victim's task running in the victim's machine. In this case, the attacker can poison some XComs data and then exploit this vulnerability to bypass the protection of "enable_xcom_pickling = False" and get an RCE in the victim's machines when the victim's task pulls this poisoned XComs data. 4.2), in case any attacker's task can poison some XComs data, the web users who can view the XComs data by navigating via "DAG->Run->Task->XCom" in the web UI can deserialize the poisoned data for RCE. Or if the Airflow sets "enable_xcom_deserialize_support = True", the authenticated users can trigger the RCE by accessing the "xcomEntries" endpoint. I am not very sure whether the two attacking scenarios described above apply to your Airflow threat models and whether there are some more potential exploitable scenarios. However, we can see in the airflow.cfg, the comments for the key "enable_xcom_pickling" saying "Whether to enable pickling for xcom (note that this is insecure and allows for RCE exploits).", I thus believe the bypass of the "enable_xcom_pickling" can more or less induce kinds of insecure matters in the use of Airflow.

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Deserialization of Untrusted Data