Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider.
Airflow JDBC Provider Connection’s [Connection URL] parameters had no
restrictions, which made it possible to implement RCE attacks via
different type JDBC drivers, obtain airflow server permission.
This issue affects Apache Airflow JDBC Provider: before 4.0.0.
References
Link | Resource |
---|---|
https://lists.apache.org/thread/ynbjwp4n0vzql0xzhog1gkp1ovncf8j3 | Mailing List Vendor Advisory |
Configurations
History
06 Jul 2023, 19:32
Type | Values Removed | Values Added |
---|---|---|
First Time |
Apache
Apache apache-airflow-providers-jdbc |
|
References | (MISC) https://lists.apache.org/thread/ynbjwp4n0vzql0xzhog1gkp1ovncf8j3 - Mailing List, Vendor Advisory | |
CPE | cpe:2.3:a:apache:apache-airflow-providers-jdbc:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
29 Jun 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-29 10:15
Updated : 2024-10-07 19:36
NVD link : CVE-2023-22886
Mitre link : CVE-2023-22886
CVE.ORG link : CVE-2023-22886
JSON object : View
Products Affected
apache
- apache-airflow-providers-jdbc
CWE
CWE-20
Improper Input Validation