CVE-2023-33234
CVSS V2 None
CVSS V3 None
Description
Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows a user to change the xcom sidecar image and resources via an Airflow connection.
To exploit this weakness, a user would already need elevated permissions (Op or Admin) to change the connection object in this manner. Operators should upgrade to provider version 7.0.0, which has removed the vulnerability.
Overview
- CVE ID: CVE-2023-33234
- Assigner: apache
- Vulnerability Status: PUBLISHED
- Published Version: 2023-05-30T10:56:56.139Z
- Last Modified Date: 2023-05-30T10:56:56.139Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://lists.apache.org/thread/n1vpgl6h2qsdm52o9m2tx1oo86tl4gnq | vendor-advisory |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-33234 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33234 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-25 07:59:18 | | | | Added to TrackCVE |