Back to search
CVE-2023-22886
Published: Jun 29, 2023
Modified: Oct 7, 2024
PUBLISHED
Description
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s [Connection URL] parameters had no restrictions, which made it possible to implement RCE attacks via different type JDBC drivers, obtain airflow server permission. This issue affects Apache Airflow JDBC Provider: before 4.0.0.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache Airflow JDBC Provider | affected 0 - < 4.0.0 |
Weaknesses (CWE)
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now