Vulnerabilities > CVE-2023-22886 - Unspecified vulnerability in Apache Apache-Airflow-Providers-Jdbc

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

apache

NVD

Published: 2023-06-29

Updated: 2024-11-21

Summary

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s [Connection URL] parameters had no restrictions, which made it possible to implement RCE attacks via different type JDBC drivers, obtain airflow server permission. This issue affects Apache Airflow JDBC Provider: before 4.0.0.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Apache Airflow Providers Jdbc 1.0.0 Apache Apache Airflow Providers Jdbc 1.0.1 Apache Apache Airflow Providers Jdbc 1.3.1 Apache Apache Airflow Providers Jdbc 2.0.0 Apache Apache Airflow Providers Jdbc 2.0.1 Apache Apache Airflow Providers Jdbc 2.1.0 Apache Apache Airflow Providers Jdbc 2.1.1 Apache Apache Airflow Providers Jdbc 2.1.3 Apache Apache Airflow Providers Jdbc 2.2.0 Apache Apache Airflow Providers Jdbc 2.3.0 Apache Apache Airflow Providers Jdbc 2.4.0 Apache Apache Airflow Providers Jdbc 3.0.0 Apache Apache Airflow Providers Jdbc 3.1.0 Apache Apache Airflow Providers Jdbc 3.2.0 Apache Apache Airflow Providers Jdbc 3.2.1 Apache Apache Airflow Providers Jdbc 3.3.0 Apache Apache Airflow Providers Jdbc 3.4.0	17

Summary

Vulnerable Configurations

References