CVE-2023-22886: Apache Airflow JDBC Provider: RCE Vulnerability

Vendor: Apache Software Foundation
Product: Apache Airflow JDBC Provider
Weakness: CWE-20 (Improper Input Validation)
Published: June 29, 2023
Last update: October 7, 2024

What the vulnerability does

Description

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. The [Connection URL] parameter of an Airflow JDBC Provider Connection had no restrictions, which made it possible to carry out RCE attacks via different types of JDBC drivers and obtain Airflow server permissions. This issue affects Apache Airflow JDBC Provider versions before 4.0.0.

Key dates

Disclosure timeline

June 29, 2023: CVE published
October 7, 2024: Record updated