Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Apache Airflow Sqoop Provider by Apache Software Foundation

    CVE-2023-27604 (GCVE-0-2023-27604)

    Vulnerability from nvd – Published: 2023-08-28 07:47 – Updated: 2024-09-27 18:46
    VLAI
    Title
    Apache Airflow Sqoop Provider: Airflow Sqoop Provider RCE Vulnerability
    Summary
    Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged in and have authorization (permissions) to create/edit connections. It is recommended to upgrade to a version that is not affected. This issue was reported independently by happyhacking-k, And Xie Jianming and LiuHui of Caiji Sec Team also reported it.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Airflow Sqoop Provider Affected: 0 , < 4.0.0 (semver)
    Create a notification for this product.
    apache airflow_sqoop_provider Affected: 0 , < 4.0.0 (custom)
        cpe:2.3:a:apache:airflow_sqoop_provider:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    happyhacking-k Xie Jianming of Caiji Sec Team Liu Hui of Caiji Sec Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:16:36.683Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/apache/airflow/pull/33039"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread/lswlxf11do51ob7f6xyyg8qp3n7wdrgd"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:apache:airflow_sqoop_provider:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "airflow_sqoop_provider",
                "vendor": "apache",
                "versions": [
                  {
                    "lessThan": "4.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-27604",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-27T18:45:03.537743Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-27T18:46:43.906Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Apache Airflow Sqoop Provider",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThan": "4.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "happyhacking-k"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Xie Jianming of Caiji Sec Team"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Liu Hui of Caiji Sec Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via \u2018sqoop import --connect\u2019, obtain airflow server permissions, etc. T\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ehe attacker needs to be logged in and have authorization (permissions) to create/edit connections.\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e It is recommended to upgrade to a version that is not affected.\u003cbr\u003eThis issue was reported independently by \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ehappyhacking-k\u003c/span\u003e, And Xie Jianming and LiuHui of Caiji Sec Team also reported it."
                }
              ],
              "value": "Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via \u2018sqoop import --connect\u2019, obtain airflow server permissions, etc. The attacker needs to be logged in and have authorization (permissions) to create/edit connections.\n\n It is recommended to upgrade to a version that is not affected.\nThis issue was reported independently by happyhacking-k, And Xie Jianming and LiuHui of Caiji Sec Team also reported it."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "text": "moderate"
                },
                "type": "Textual description of severity"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-28T07:47:29.702Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/apache/airflow/pull/33039"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.apache.org/thread/lswlxf11do51ob7f6xyyg8qp3n7wdrgd"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Apache Airflow Sqoop Provider: Airflow Sqoop Provider RCE Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2023-27604",
        "datePublished": "2023-08-28T07:47:29.702Z",
        "dateReserved": "2023-03-04T16:47:10.813Z",
        "dateUpdated": "2024-09-27T18:46:43.906Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25693 (GCVE-0-2023-25693)

    Vulnerability from nvd – Published: 2023-02-24 11:48 – Updated: 2025-02-13 14:27
    VLAI
    Title
    Sqoop Apache Airflow Provider Remote Code Execution Vulnerability
    Summary
    Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Credits
    L3yx of Syclover Security Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:25:19.321Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/apache/airflow/pull/29500"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread/79qn8g5xbq036f8crb115obvr22l52q4"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25693",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-13T14:26:37.171048Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-13T14:27:04.792Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Apache Airflow Sqoop Provider",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThan": "3.1.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": " L3yx of Syclover Security Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Apache Airflow Sqoop Provider versions before 3.1.1.\u003c/p\u003e"
                }
              ],
              "value": "Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider.\n\nThis issue affects Apache Airflow Sqoop Provider versions before 3.1.1.\n\n"
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "text": "moderate"
                },
                "type": "Textual description of severity"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-24T11:48:11.397Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/apache/airflow/pull/29500"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.apache.org/thread/79qn8g5xbq036f8crb115obvr22l52q4"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Sqoop Apache Airflow Provider Remote Code Execution Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2023-25693",
        "datePublished": "2023-02-24T11:48:11.397Z",
        "dateReserved": "2023-02-12T23:28:53.552Z",
        "dateUpdated": "2025-02-13T14:27:04.792Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-27604 (GCVE-0-2023-27604)

    Vulnerability from cvelistv5 – Published: 2023-08-28 07:47 – Updated: 2024-09-27 18:46
    VLAI
    Title
    Apache Airflow Sqoop Provider: Airflow Sqoop Provider RCE Vulnerability
    Summary
    Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged in and have authorization (permissions) to create/edit connections. It is recommended to upgrade to a version that is not affected. This issue was reported independently by happyhacking-k, And Xie Jianming and LiuHui of Caiji Sec Team also reported it.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Airflow Sqoop Provider Affected: 0 , < 4.0.0 (semver)
    Create a notification for this product.
    apache airflow_sqoop_provider Affected: 0 , < 4.0.0 (custom)
        cpe:2.3:a:apache:airflow_sqoop_provider:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    happyhacking-k Xie Jianming of Caiji Sec Team Liu Hui of Caiji Sec Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T12:16:36.683Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/apache/airflow/pull/33039"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread/lswlxf11do51ob7f6xyyg8qp3n7wdrgd"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:apache:airflow_sqoop_provider:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "airflow_sqoop_provider",
                "vendor": "apache",
                "versions": [
                  {
                    "lessThan": "4.0.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-27604",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-27T18:45:03.537743Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-27T18:46:43.906Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Apache Airflow Sqoop Provider",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThan": "4.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "happyhacking-k"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Xie Jianming of Caiji Sec Team"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Liu Hui of Caiji Sec Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via \u2018sqoop import --connect\u2019, obtain airflow server permissions, etc. T\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ehe attacker needs to be logged in and have authorization (permissions) to create/edit connections.\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e It is recommended to upgrade to a version that is not affected.\u003cbr\u003eThis issue was reported independently by \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ehappyhacking-k\u003c/span\u003e, And Xie Jianming and LiuHui of Caiji Sec Team also reported it."
                }
              ],
              "value": "Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker pass parameters with the connections, which makes it possible to implement RCE attacks via \u2018sqoop import --connect\u2019, obtain airflow server permissions, etc. The attacker needs to be logged in and have authorization (permissions) to create/edit connections.\n\n It is recommended to upgrade to a version that is not affected.\nThis issue was reported independently by happyhacking-k, And Xie Jianming and LiuHui of Caiji Sec Team also reported it."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "text": "moderate"
                },
                "type": "Textual description of severity"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-28T07:47:29.702Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/apache/airflow/pull/33039"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.apache.org/thread/lswlxf11do51ob7f6xyyg8qp3n7wdrgd"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Apache Airflow Sqoop Provider: Airflow Sqoop Provider RCE Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2023-27604",
        "datePublished": "2023-08-28T07:47:29.702Z",
        "dateReserved": "2023-03-04T16:47:10.813Z",
        "dateUpdated": "2024-09-27T18:46:43.906Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-25693 (GCVE-0-2023-25693)

    Vulnerability from cvelistv5 – Published: 2023-02-24 11:48 – Updated: 2025-02-13 14:27
    VLAI
    Title
    Sqoop Apache Airflow Provider Remote Code Execution Vulnerability
    Summary
    Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Credits
    L3yx of Syclover Security Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:25:19.321Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/apache/airflow/pull/29500"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread/79qn8g5xbq036f8crb115obvr22l52q4"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.8,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-25693",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-13T14:26:37.171048Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-13T14:27:04.792Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Apache Airflow Sqoop Provider",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThan": "3.1.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": " L3yx of Syclover Security Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Apache Airflow Sqoop Provider versions before 3.1.1.\u003c/p\u003e"
                }
              ],
              "value": "Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider.\n\nThis issue affects Apache Airflow Sqoop Provider versions before 3.1.1.\n\n"
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "text": "moderate"
                },
                "type": "Textual description of severity"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-24T11:48:11.397Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/apache/airflow/pull/29500"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.apache.org/thread/79qn8g5xbq036f8crb115obvr22l52q4"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Sqoop Apache Airflow Provider Remote Code Execution Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2023-25693",
        "datePublished": "2023-02-24T11:48:11.397Z",
        "dateReserved": "2023-02-12T23:28:53.552Z",
        "dateUpdated": "2025-02-13T14:27:04.792Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }