PT-2023-20249 · Apache · Apache Airflow Google Provider

Xie Jianming

Published

2023-02-24

Updated

2026-06-03

CVE-2023-25692

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Apache Airflow Google Provider versions prior to 8.10.0

Description The issue is related to an Improper Input Validation vulnerability in the Apache Airflow Google Provider. This vulnerability can potentially lead to a Denial of Service and Remote Command Execution.

Recommendations For versions prior to 8.10.0, update to version 8.10.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Google Cloud Sql Provider to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2023-25692

GHSA-H8P2-8G72-QPGH

Affected Products

Apache Airflow Google Provider

PT-2023-20249 · Apache · Apache Airflow Google Provider

CVE-2023-25692

Weakness Enumeration

Related Identifiers

Affected Products

References · 12