Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider.
Airflow JDBC Provider Connection’s [Connection URL] parameters had no
restrictions, which made it possible to implement RCE attacks via
different type JDBC drivers, obtain airflow server permission.
This issue affects Apache Airflow JDBC Provider: before 4.0.0.
References
Link | Resource |
---|---|
https://lists.apache.org/thread/ynbjwp4n0vzql0xzhog1gkp1ovncf8j3 | Mailing List Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2023-06-29T09:41:00.074Z
Updated: 2023-06-29T09:41:00.074Z
Reserved: 2023-01-09T19:24:49.530Z
Link: CVE-2023-22886
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-06-29T10:15:09.650
Modified: 2023-07-06T19:32:59.063
Link: CVE-2023-22886
JSON object: View
Redhat Information
No data.
CWE