Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider.
This issue affects Apache Airflow Apache Hive Provider: before 6.1.1.
Before version 6.1.1 it was possible to bypass the security check to RCE via
principal parameter. For this to be exploited it requires access to modifying the connection details.
It is recommended updating provider version to 6.1.1 in order to avoid this vulnerability.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2023-07-03T09:08:53.795Z
Updated: 2024-08-02T16:30:45.329Z
Reserved: 2023-06-17T19:36:58.422Z
Link: CVE-2023-35797
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-07-03T10:15:09.473
Modified: 2023-07-13T23:15:10.603
Link: CVE-2023-35797
Redhat
No data.