CVE-2023-40272
CVSS V2 None
CVSS V3 None
Description
Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server.
It is recommended to upgrade to a version that is not affected.
Overview
- CVE ID
- CVE-2023-40272
- Assigner
- apache
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-08-17T13:52:30.647Z
- Last Modified Date
- 2023-08-17T13:52:30.647Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://lists.apache.org/thread/t03gktyzyor20rh06okd91jtqmw6k1l7 | vendor-advisory |
http://www.openwall.com/lists/oss-security/2023/08/17/1 | |
http://www.openwall.com/lists/oss-security/2023/08/18/1 |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-40272 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40272 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-25 02:15:19 | Added to TrackCVE |