Rewterz

Rewterz Threat Alert – STOP/DJVU Ransomware – Active IOCs

November 8, 2022

Rewterz Named to MSSP Alert’s Top 250 MSSPs List for 2022

November 8, 2022

Rewterz Threat Advisory – Multiple Apache Airflow Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2022-43985 CVSS:5.4

Apache Airflow could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the “/confirm” endpoint. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites.

CVE-2022-43982 CVSS:6.1

Apache Airflow is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the “Trigger DAG with config” screen. A remote attacker could exploit this vulnerability using the origin parameter in a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

Impact

  • Gain Access
  • Cross-Site Scripting

Indicators Of Compromise

CVE

  • CVE-2022-43985
  • CVE-2022-43982

Affected Vendors

Apache

Affected Products

Apache Airflow 2.4.1

Remediation

Upgrade to the latest version of Apache Airflow, available from the Apache Airflow GIT Repository.

Apache Airflow GIT Repository

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.