Apache Airflow Spark Provider Arbitrary File Read via JDBC
CVE-2023-28710

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Airflow Spark Provider
Vendor: CVE Published:; 7 April 2023

What is CVE-2023-28710?

An input validation issue exists in the Apache Airflow Spark Provider, affecting versions prior to 4.0.1, which may lead to unauthorized access or manipulation of data. Proper validation mechanisms are crucial to ensure that user inputs do not lead to unintended consequences within the application.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Apache Airflow Spark Provider 0 < 4.0.1

References

https://github.com/apache/airflow/pull/30223

patch

https://lists.apache.org/thread/lb9w9114ow00h2nkn8bjm106v...

vendor-advisory

http://www.openwall.com/lists/oss-security/2023/04/07/3

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2023
Vulnerability Reserved
Mar 21, 2023

Credit

Xie Jianming of Nsfocus

JSON

Apache

What is CVE-2023-28710?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.