Vulnerabilities > CVE-2023-39553 - Unspecified vulnerability in Apache Apache-Airflow-Providers-Apache-Drill

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

apache

NVD

Published: 2023-08-11

Updated: 2024-11-21

Summary

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server. This issue affects Apache Airflow Drill Provider: before 2.4.3. It is recommended to upgrade to a version that is not affected.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Apache Airflow Providers Apache Drill 1.0.0 Apache Apache Airflow Providers Apache Drill 1.0.1 Apache Apache Airflow Providers Apache Drill 1.0.2 Apache Apache Airflow Providers Apache Drill 1.0.3 Apache Apache Airflow Providers Apache Drill 1.0.4 Apache Apache Airflow Providers Apache Drill 2.0.0 Apache Apache Airflow Providers Apache Drill 2.1.0 Apache Apache Airflow Providers Apache Drill 2.2.0 Apache Apache Airflow Providers Apache Drill 2.2.1 Apache Apache Airflow Providers Apache Drill 2.3.0 Apache Apache Airflow Providers Apache Drill 2.3.1 Apache Apache Airflow Providers Apache Drill 2.3.2 Apache Apache Airflow Providers Apache Drill 2.4.0 Apache Apache Airflow Providers Apache Drill 2.4.1 Apache Apache Airflow Providers Apache Drill 2.4.2	15

Summary

Vulnerable Configurations

References