CVE-2023-27604

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 28, 2023
Updated: Sep 1, 2023
CWE ID 20

Summary

CVE-2023-27604 is a vulnerability affecting the Apache Airflow Sqoop Provider. Attackers can exploit a parameter-passing issue in connections to achieve remote code execution via the 'sqoop import --connect' command. Successful exploitation gives the attacker the permissions of the Airflow server. The attacker must be logged in and have the permissions required to create or edit connections. It is strongly advised to upgrade to an unaffected version as soon as possible. This security flaw was independently reported by happyhacking-k, and was also reported by Caiji Sec Team members Xie Jianming and LiuHui.
