Apache Airflow Google Provider: Google Cloud Sql Provider Denial Of Service
CVE-2023-25692

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Airflow Google Provider
Vendor: CVE Published:; 24 February 2023

Summary

An improper input validation vulnerability has been identified in the Apache Airflow Google Provider, which affects versions prior to 8.10.0. This flaw may allow attackers to manipulate input to perform unauthorized actions or gain access to sensitive information. It is crucial for users running affected versions to review their configurations and apply the necessary updates to mitigate this risk.

Affected Version(s)

Apache Airflow Google Provider 0 < 8.10.0

References

https://github.com/apache/airflow/pull/29499

patch

https://lists.apache.org/thread/ks4l78l5rwdpmvfn7y7yhs179...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 24, 2023
Vulnerability Reserved
Feb 12, 2023

Credit

Xie Jianming of Caiji Sec Team