Vulnerability Details : CVE-2020-17515
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely.
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2020-17515
0.24%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 63 %
Percentile, the proportion of vulnerabilities that are scored at or less