PT-2023-20249 · Apache · Apache Airflow Google Provider

Xie Jianming

Publicado

2023-02-24

Atualizado

2026-06-03

CVE-2023-25692

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Apache Airflow Google Provider versions prior to 8.10.0

Description The issue is related to an Improper Input Validation vulnerability in the Apache Airflow Google Provider. This vulnerability can potentially lead to a Denial of Service and Remote Command Execution.

Recommendations For versions prior to 8.10.0, update to version 8.10.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Google Cloud Sql Provider to minimize the risk of exploitation.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2023-25692

GHSA-H8P2-8G72-QPGH

Produtos afetados

Apache Airflow Google Provider

PT-2023-20249 · Apache · Apache Airflow Google Provider

CVE-2023-25692

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12