TIDRONE Espionage Group Launches Cyberattacks Against Taiwanese Drone Manufacturers – Active IOCs
September 9, 2024ZLoader Banking Trojan – Active IOCs
September 10, 2024TIDRONE Espionage Group Launches Cyberattacks Against Taiwanese Drone Manufacturers – Active IOCs
September 9, 2024ZLoader Banking Trojan – Active IOCs
September 10, 2024Severity
High
Analysis Summary
CVE-2024-45034 CVSS:7.8
Apache Airflow could allow a local authenticated attacker to execute arbitrary code on the system, caused by a flaw in the scheduler. By using a specially crafted local settings, an attacker could exploit this vulnerability to execute arbitrary code on the system by the scheduler.
CVE-2024-45498 CVSS:8.8
Apache Airflow could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper input validation. By sending a specially crafted example DAG, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
Impact
- Gain Access
- Code Execution
Indicators of Compromise
CVE
- CVE-2024-45034
- CVE-2024-45498
Affected Vendors
Affected Products
- Apache Airflow 2.10.0
Remediation
Upgrade to the latest version of Apache Airflow, available from the Apache Website.