CVE-2023-28707 - OpenCVE

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Apache-airflow-providers-apache-drill

Configuration 1 [-]

cpe:2.3:a:apache:apache-airflow-providers-apache-drill:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2023/04/07/1
https://github.com/apache/airflow/pull/30215
https://lists.apache.org/thread/dfoj7q1nd0vhhsl8fjg63z4j6mfmdxtk

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-04-07T14:53:24.274Z

Updated: 2024-08-02T13:43:23.746Z

Reserved: 2023-03-21T16:20:38.379Z

Link: CVE-2023-28707

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-04-07T15:15:08.067

Modified: 2023-05-22T14:25:13.693

Link: CVE-2023-28707

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-28707", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-03-21T16:20:38.379Z", "datePublished": "2023-04-07T14:53:24.274Z", "dateUpdated": "2024-08-02T13:43:23.746Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Airflow Drill Provider", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "2.3.2", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Kai Zhao of 3H Secruity Team"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.<p>This issue affects Apache Airflow Drill Provider: before 2.3.2.</p>"}], "value": "Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2.\n\n"}], "metrics": [{"other": {"content": {"text": "low"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-04-07T14:53:24.274Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/apache/airflow/pull/30215"}, {"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/dfoj7q1nd0vhhsl8fjg63z4j6mfmdxtk"}, {"url": "http://www.openwall.com/lists/oss-security/2023/04/07/1"}], "source": {"discovery": "UNKNOWN"}, "title": "Airflow Apache Drill Provider Arbitrary File Read Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T13:43:23.746Z"}, "title": "CVE Program Container", "references": [{"tags": ["patch", "x_transferred"], "url": "https://github.com/apache/airflow/pull/30215"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/dfoj7q1nd0vhhsl8fjg63z4j6mfmdxtk"}, {"url": "http://www.openwall.com/lists/oss-security/2023/04/07/1", "tags": ["x_transferred"]}]}]}}