CVE-2023-22886
CVE-2023-22886
8.8
HighPublished:
Last updated:
Source:security@apache.org
Modified
Weakness (CWE)
CVSS Vector
v3.1- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- Low
- User Interaction
- None
- Scope
- Unchanged
- Confidentiality
- High
- Integrity
- High
- Availability
- High
Description
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s [Connection URL] parameters had no restrictions, which made it possible to implement RCE attacks via different type JDBC drivers, obtain airflow server permission. This issue affects Apache Airflow JDBC Provider: before 4.0.0.
References
security@apache.org
https://lists.apache.org/thread/ynbjwp4n0vzql0xzhog1gkp1ovncf8j3af854a3a-2127-422b-91ae-364da2661108
https://lists.apache.org/thread/ynbjwp4n0vzql0xzhog1gkp1ovncf8j3