Search for vulnerabilities
| Vulnerability ID | VCID-p42d-ta7v-7yhn |
| Aliases |
CVE-2022-38170
GHSA-q8h9-pqcx-59hw PYSEC-2022-261 |
| Summary | In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. |
| Status | Published |
| Exploitability | None |
| Weighted Severity | None |
| Risk | None |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| epss | 0.00274 | https://api.first.org/data/v1/epss?cve=CVE-2022-38170 |
| cvssv3.1_qr | MODERATE | https://github.com/advisories/GHSA-q8h9-pqcx-59hw |
| Percentile | 0.51046 |
| EPSS Score | 0.00274 |
| Published At | May 30, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-05-30T20:30:35.478253+00:00 | Pypa Importer | Import | https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow/PYSEC-2022-261.yaml | 38.6.0 |