Rewterz Threat Advisory – Multiple Apache Airflow ODBC Provider and MSSQL Provider Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-34395 CVSS:7.8

Apache Airflow ODBC Provider could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw with controllable ODBC driver parameters. By using a specially crafted .DLL file, an authenticated attacker could exploit this vulnerability to gain elevated privileges and execute arbitrary code.

CVE-2023-22886 CVSS:8.8

Apache Airflow JDBC Provider could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper input validation. By sending a specially crafted request using Connection URL parameters, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2023-35798 CVSS:4.3

Apache Airflow ODBC Provider and MSSQL Provider could allow a remote authenticated attacker to obtain sensitive information, caused by improper input validation. By sending a specially crafted request using get_sqlalchemy_connection, an attacker could exploit this vulnerability to read arbitrary files, and use this information to launch further attacks against the affected system.

Impact

• Privilege Escalation
• Code Execution
• Information Disclosure

Indicators Of Compromise

CVE

• CVE-2023-34395
• CVE-2023-22886
• CVE-2023-35798

Affected Vendors

Apache

Affected Products

• Apache Airflow ODBC Provider 3.3.0
• Apache Airflow ODBC Provider 3.4.0

Remediation

Upgrade to the latest version of Apache Airflow ODBC Provider, available from the Apache Airflow Website.

CVE-2023-34395

CVE-2023-22886

CVE-2023-35798