CVE-2023-27604 - Vulnerability Details - OpenCVE

Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged in and have authorization (permissions) to create/edit connections.

It is recommended to upgrade to a version that is not affected.
This issue was reported independently by happyhacking-k, And Xie Jianming and LiuHui of Caiji Sec Team also reported it.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00265.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Apache	Airflow Sqoop Provider

Configuration 1 [-]

cpe:2.3:a:apache:airflow_sqoop_provider:*:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/apache/airflow/pull/33039
https://lists.apache.org/thread/lswlxf11do51ob7f6xyyg8qp3n7wdrgd

History

Fri, 27 Sep 2024 19:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-08-28T07:47:29.702Z

Updated: 2024-09-27T18:46:43.906Z

Reserved: 2023-03-04T16:47:10.813Z

Link: CVE-2023-27604

Vulnrichment

Updated: 2024-08-02T12:16:36.683Z

NVD

Status : Modified

Published: 2023-08-28T08:15:14.697

Modified: 2024-11-21T07:53:14.847

Link: CVE-2023-27604

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-27604", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-03-04T16:47:10.813Z", "datePublished": "2023-08-28T07:47:29.702Z", "dateUpdated": "2024-09-27T18:46:43.906Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Airflow Sqoop Provider", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "4.0.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "happyhacking-k"}, {"lang": "en", "type": "finder", "value": "Xie Jianming of Caiji Sec Team"}, {"lang": "en", "type": "finder", "value": "Liu Hui of Caiji Sec Team"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via \u2018sqoop import --connect\u2019, obtain airflow server permissions, etc. T<span style=\"background-color: rgb(255, 255, 255);\">he attacker needs to be logged in and have authorization (permissions) to create/edit connections.<br></span><br> It is recommended to upgrade to a version that is not affected.<br>This issue was reported independently by <span style=\"background-color: rgb(255, 255, 255);\">happyhacking-k</span>, And Xie Jianming and LiuHui of Caiji Sec Team also reported it."}], "value": "Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via \u2018sqoop import --connect\u2019, obtain airflow server permissions, etc. The attacker needs to be logged in and have authorization (permissions) to create/edit connections.\n\n It is recommended to upgrade to a version that is not affected.\nThis issue was reported independently by happyhacking-k, And Xie Jianming and LiuHui of Caiji Sec Team also reported it."}], "metrics": [{"other": {"content": {"text": "moderate"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-08-28T07:47:29.702Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/apache/airflow/pull/33039"}, {"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/lswlxf11do51ob7f6xyyg8qp3n7wdrgd"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache Airflow Sqoop Provider: Airflow Sqoop Provider RCE Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:16:36.683Z"}, "title": "CVE Program Container", "references": [{"tags": ["patch", "x_transferred"], "url": "https://github.com/apache/airflow/pull/33039"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/lswlxf11do51ob7f6xyyg8qp3n7wdrgd"}]}, {"affected": [{"vendor": "apache", "product": "airflow_sqoop_provider", "cpes": ["cpe:2.3:a:apache:airflow_sqoop_provider:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "4.0.0", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-09-27T18:45:03.537743Z", "id": "CVE-2023-27604", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-27T18:46:43.906Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-27604", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-03-04T16:47:10.813Z", "datePublished": "2023-08-28T07:47:29.702Z", "dateUpdated": "2024-09-27T18:46:43.906Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Airflow Sqoop Provider", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "4.0.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "happyhacking-k"}, {"lang": "en", "type": "finder", "value": "Xie Jianming of Caiji Sec Team"}, {"lang": "en", "type": "finder", "value": "Liu Hui of Caiji Sec Team"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via \u2018sqoop import --connect\u2019, obtain airflow server permissions, etc. T<span style=\"background-color: rgb(255, 255, 255);\">he attacker needs to be logged in and have authorization (permissions) to create/edit connections.<br></span><br> It is recommended to upgrade to a version that is not affected.<br>This issue was reported independently by <span style=\"background-color: rgb(255, 255, 255);\">happyhacking-k</span>, And Xie Jianming and LiuHui of Caiji Sec Team also reported it."}], "value": "Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via \u2018sqoop import --connect\u2019, obtain airflow server permissions, etc. The attacker needs to be logged in and have authorization (permissions) to create/edit connections.\n\n It is recommended to upgrade to a version that is not affected.\nThis issue was reported independently by happyhacking-k, And Xie Jianming and LiuHui of Caiji Sec Team also reported it."}], "metrics": [{"other": {"content": {"text": "moderate"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-08-28T07:47:29.702Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/apache/airflow/pull/33039"}, {"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/lswlxf11do51ob7f6xyyg8qp3n7wdrgd"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache Airflow Sqoop Provider: Airflow Sqoop Provider RCE Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:16:36.683Z"}, "title": "CVE Program Container", "references": [{"tags": ["patch", "x_transferred"], "url": "https://github.com/apache/airflow/pull/33039"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/lswlxf11do51ob7f6xyyg8qp3n7wdrgd"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-27604", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-27T18:45:03.537743Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:apache:airflow_sqoop_provider:*:*:*:*:*:*:*:*"], "vendor": "apache", "product": "airflow_sqoop_provider", "versions": [{"status": "affected", "version": "0", "lessThan": "4.0.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-27T18:46:33.402Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:airflow_sqoop_provider:*:*:*:*:*:*:*:*", "matchCriteriaId": "971C1268-59CA-4A49-8726-81E0205595A8", "versionEndExcluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via \u2018sqoop import --connect\u2019, obtain airflow server permissions, etc. The attacker needs to be logged in and have authorization (permissions) to create/edit connections.\n\n It is recommended to upgrade to a version that is not affected.\nThis issue was reported independently by happyhacking-k, And Xie Jianming and LiuHui of Caiji Sec Team also reported it."}], "id": "CVE-2023-27604", "lastModified": "2024-11-21T07:53:14.847", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-08-28T08:15:14.697", "references": [{"source": "security@apache.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/apache/airflow/pull/33039"}, {"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/lswlxf11do51ob7f6xyyg8qp3n7wdrgd"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/apache/airflow/pull/33039"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/lswlxf11do51ob7f6xyyg8qp3n7wdrgd"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security@apache.org", "type": "Secondary"}]}